CN105765556A

CN105765556A - Customer-directed networking limits in distributed systems

Info

Publication number: CN105765556A
Application number: CN201480064245.9A
Authority: CN
Inventors: A·M·立萨克
Original assignee: Amazon Technologies Inc
Current assignee: Amazon Technologies Inc
Priority date: 2013-11-25
Filing date: 2014-11-25
Publication date: 2016-07-13
Also published as: CN112134741A; JP6679673B2; JP7057796B2; EP3671480A1; EP3671480B1; CA3051918A1; JP6450759B2; JP2016541183A; CA2931524C; AU2017251757B2; JP2020096385A; EP3074876A1; CA2931524A1; JP2018170803A; AU2014352692A1; CA3051933A1; AU2014352692B2; WO2015077756A1; EP3982270A1; EP3074876A4

Abstract

Methods and apparatus for supporting customer-directed networking limits in distributed systems are disclosed. A client request is received via a programmatic interface, and indicates a particular lower resource usage limit to be imposed on at least one category of network traffic at a particular instance of a network-accessible service. Resource usage metrics for one or more categories of network traffic at the particular instance are obtained. In response to a determination that resource usage at the particular instance has reached a threshold level, one or more responsive actions are initiated.

Description

The networking restriction of the customer orientation in distributed system

Background technology

Many companies and other tissue manipulation make many computing systems interconnection computer network to support its operation, such as be positioned at same place (such as, part as LAN) or it is alternatively positioned at the computing system of multiple different geographical position (such as, connecting) via one or more special or public go-between.For example, the data center of the computing system holding a large amount of interconnection has become ordinary, such as by single tissue manipulation and the exclusive data center representing single tissue, and is provided, by the physical operation as enterprise, the public data center calculating resource to client.Some public data center operator provides the installation of network insertion, electric power and safety for the hardware that each client has, and other public data center operator provides " complete service " facility, and it also includes the hardware resource that can be used by its client.But, along with scale and the scope of typical data center increase, it is provided that, administer and manage the task of physical computing resources and become day by day complicated.

The appearance of the Intel Virtualization Technology of commodity hardware has been provided that about the many customer account management large-scale calculations resources for having various needs, thus allowing the benefit that various calculating resource is shared efficiently and safely by multiple clients.For example, Intel Virtualization Technology can pass through to provide by one or more virtual machines of single physical computing machine trustship to each user, also provides application isolation and safety to allow single physical computing machine to share in multiple users in various virtual machines simultaneously.Each virtual machine is regarded as the software simulation serving as different logic computing system, and it is the sole operators of given hardware computing resource and gerentocratic illusion that logic computing system provides a user with them.Additionally, some Intel Virtualization Technologies can provide the virtual resource crossing over two or more physical resources, such as, there is the single virtual machine crossing over multiple different physical computing systems of multiple virtual processor.

Functional and the feature supported along with the supplier of virtualization calculating, storage and networked resources increases, and along with the hardware platform group used by extensive supplier increases, the realization of management control operation (such as managing network flow) of platform itself can be become considerably complicated.In many cases, the functional and availability of the application run on these platforms can depend on the other parts with supplier's network and/or the network service with external entity (such as client or third party) widely.When attempting to realize desired application performance grade, the operator of these distributed systems is likely to usual built vertical high bandwidth network base structure.But, although providing high bandwidth interconnection device and link, but the network bandwidth becomes bottleneck in many cases, when especially giving the time dependent of the application to many types of deployment and depend on the bandwidth requirement of position.Virtualization can make the management network bandwidth (and waiting time and other networking features) become even more difficult problem, because the various virtual machines realized on single hardware platform are likely to be of the widely varied networking requirements that the shared networking components having to use platform meets, and also because can change in the set of applications at given hardware platform place and the virtual machine of instantiation.

Accompanying drawing explanation

Fig. 1 illustrates the example of the system according at least some embodiment, realizes centralized networked deployment service within the system to manage the network traffics at multiple node places of distributed computing environment.

Fig. 2 illustrates the example of the supplier's network environment according at least some embodiment, sets up corresponding networked deployment server in this network environment in each in some used vessels.

Fig. 3 illustrates the example of the cluster manager module according at least some embodiment, and it can interpret the traffic classification metadata that virtualization calculates the example host place of service.

Fig. 4 a to Fig. 4 c illustrates the respective instance of the agreement according at least some embodiment, and described agreement may be used to traffic classification metadata transmission to example host.

Fig. 5 illustrates the example of the classification tree data structure according at least some embodiment, its network traffics kind that may be used to represent the networked deployment at the device place of distributed system.

Fig. 6 illustrates the example according to the hierachical data structure of at least some embodiment, and it may be used to the network traffics kind of information of multiple example host of data splitting center.

Fig. 7 illustrates the example of the traffic classification programme diagram according at least some embodiment, and it can make the kind for determining network traffics unit together with classification tree.

Fig. 8 illustrates the example of the use of the look-up table node of the traffic classification programme diagram according at least some embodiment.

Fig. 9 illustrates the example of the response tolerance according at least some embodiment, and it may be used to determine the value of one or more parameters that networked deployment services.

Figure 10 illustrates being performed with the flow chart of configuration and the operating aspect of the assembly initializing networked deployment service according at least some embodiment.

Figure 11 illustrates being performed with the flow chart of generation and the operating aspect of the traffic classification metadata of distribution networked deployment service according at least some embodiment.

Figure 12 illustrates the flow chart being performed in response to change the operating aspect of network management parameter in triggering event according at least some embodiment.

Figure 13 illustrates the flow chart of operating aspect being performed unified view to provide from networking related status information to the client of distributed system according at least some embodiment.

Figure 14 illustrates the example of the customizable thermal map of the topology visualization server generation of at least Node subsets of Tong Guo the distributed system according at least some embodiment.

Figure 15 illustrates the example that may be used to produce the different subsets of the tolerance collected by the thermal map of the non-management client of service manager and service according at least some embodiment.

Figure 16 illustrates the example of the routine interface based on web of the thermal map that may be used to display network topology according at least some embodiment.

The instance elements of the visualization request that Figure 17 explanation receives via routine interface according to Tong Guo the topology visualization server of at least some embodiment.

Figure 18 illustrates the operating aspect of the topology visualization of the performance indicator being performed the various nodes including distributed system with generation according at least some embodiment.

Figure 19 illustrates the example of the calculated examples type set of the service of the be implemented for network-accessible according at least some embodiment, and wherein different instances type has respective bandwidth restriction and respective bandwidth use pricing strategy set.

Figure 20 illustrates that the resource that can be received by networked deployment server according at least some embodiment uses restriction to reduce the instance elements of request.

Figure 21 illustrates the example of the foundation of the foundation of the total resources use restriction setting of the client account of the service of the network-accessible according at least some embodiment and the related resource use restriction setting of groups of users, individual user and interlock account.

Figure 22 illustrates that the resource being performed to enable the client to reduce one or more nodes of the service to network-accessible according at least some embodiment uses the operating aspect of restriction.

Figure 23 illustrates that the resource being performed to enable the client to submit the node place with distributed system to according at least some embodiment uses the operating aspect limiting the inquiry being associated.

Figure 24 is the block diagram of the example calculation device that explanation can use at least some embodiment.

Although describing embodiment by example for some embodiments and illustrative embodiments herein, but those skilled in the art will appreciate that embodiment is not limited to described embodiment or accompanying drawing.Should be understood that accompanying drawing and its detailed description are not intended to be limited to embodiment disclosed particular form, but on the contrary, the present invention will contain all modifications, equivalent and the substitute that drop in the spirit and scope such as appended claims definition.Title used herein is only for organizational goal, and does not mean that to limit description or scope of the claims.As the application in full in institute use, word "available" is to permit meaning (namely, it is meant that have possibility), rather than pressure meaning (namely, it is meant that must) use.Similarly, word " including (" include " " including " and " includes ") " means to include but not limited to.

Detailed description of the invention

Describe the various embodiments of the method and apparatus operated for configuration of networked in large scale distributed system (such as supplier's network).In some embodiments, centralized networked deployment Managed Solution can be realized, can make at one or more networked deployment server (NCS) places according to described scheme limit about bandwidth, various types of decisions of other traffic shaping parameter of latency management and the many nodes (such as main frame and network equipment) for distributed system.(in some embodiments, networked deployment server is also referred to as " bandwidth arbitration server ", because the prime responsibility of server can be use via the bandwidth that various traffic classes apply the assembly place that respective bandwidth restriction carrys out managing distributing type system.) metadata (including such as traffic classification program or rule and the networked deployment option for various traffic classes) the available portable form being prone to resolve in order to realize determining is transmitted the node to distributed system from NCS.Node place in distributed system, such as can interpret, by the network management module in virtual management software, the metadata received, to produce at network traffics scheduling bag or other unit or it to be classified when being received, and it is applied in the decision made at BAS place and dispatches and/or regulate the transmission of flow.Produce therefore to be disposed the responsibility of the logic (it can need the analysis to the marvellous input data set obtained from multiple source at least some cases) being used for traffic shaping by centralized networked deployment server, and logic can by relatively simple control module application in each node.In at least some embodiment, transmission can based on the tolerance collected from node, on that node, essence of application of operation etc. be specifically customized for that node to the metadata of given node.Networked deployment management technique can include the support to routine interface, in some embodiments routine interface make the client of distributed system be obtained in that paid close attention to resource networking correlation behavior unification or merge view.In at least some embodiment, can use thermal map or other visualization tool to show resource use designator (such as institute's measuring tape width with can application bandwidth restriction ratio).In at least some embodiment, also can realizing routine interface so that client and/or manager can submit various types of configuring request to centralized networked deployment system, this can such as cause the rule that the classification determining and being disseminated to each node at NCS place is correlated with and/or the change networking setting.In at least some embodiment, client can ask the bandwidth to various resources (such as Service Instance) to limit the minimizing of (or other type of resource uses restriction).In at least some implementation, part or all of be embodied as web services of networked deployment scheme, for instance, can for web services routine interfaces one or more with various types of Cross supports of networked deployment server.

In major part described below, it is provided that person's network is used as the example of distributed system, can realize centralized networked deployment technology within the system.Set up to provide the network of the service of the one or more network-accessibles that can be accessed via the Internet and/or other network by distributed clients set (such as various types of based on the data base of cloud, calculating or storage service) that supplier's network can be called in this article by the entity of such as company or public sector tissue.At least some in service can be packed by the service unit being called " example " and be used for client: for example, can represent " calculated examples " by virtualizing the virtual machine calculating service instantiation, and " storage example " can be called by storing the storage device (such as block level capacity) of service instantiation.In some embodiments, relatively the example of high-level service can use calculated examples and/or storage example pack-such as, in some embodiments, database instance can use calculated examples with storage example combination set up.The calculation element of such as server and/or storage device can be called " example host " or in this article referred to as " main frame ", it is provided that these unit of the service of the various network-accessibles of person's network realize at calculation element place.Remainder at this document, term " client " can refer to when being used as source or the destination of given communication that entity (such as organizing, have the group of multiple user or unique user) has, by entity management or distribution to any one in the calculation element of entity, process, hardware module or software module, entity is able to access that and utilizes the service of at least one network-accessible of supplier's network.

Given supplier's network can include many data centers (it can be distributed in different geographic regions) of the various resource pool of trustship, such as realizes, the base structure of configuration and distribution supplier's supply and required series of physical and/or the Virtualization Computer server of service, each has the storage server of one or more storage device, networked devices and analog.In various embodiments, some different hardware and/or component software (some of them can in different data centers or in different geographic area instantiations or execution) can collective be used for realizing each in service.Client can according to the device being positioned at that client has or client-side management building or data center of supplier's network-external and/or according to the device of supplier's network and the resource at supplier's network place and service interaction.In at least some embodiment, the virtualization calculating service supplying various types of calculated examples can realize in supplier's network, and these calculated examples can be distributed to client.Other service of supplier's network can from these calculated examples and from external position access.It should be noted that, although supplier's network is used as the many example background that can realize in bandwidth management techniques described herein, but those technology also apply be applicable to the other type of distributed system except supplier's network, for instance the different assemblies being applied to application can have the large-scale distributed applied environment that time dependent bandwidth needs.

According at least one embodiment, some NCS in each examples of locations in supplier's network, wherein such as can determine number and the distribution of NCS based on performance as described below and/or usability principles.NCS can be configured to each node from supplier's network and obtain the tolerance that network is relevant, such as from the example host of the various types of services realized supplier's network, and/or from helping to make various types of network equipments (switch, router, gateway and analog) of Bandwidth Management decision.For example, in various embodiments, can collect about the reality network traffics that are incoming and that spread out of at interim time given main frame place, the number of bag declined in interim time, the number of bag that transmission postpones because implementing current bandwidth restriction, bag size, represent the described application of the flow being applied to or occurring from given node, represent the information that client initiates the IP address of the end points related to the described client of flow and/or various transmission.In some embodiments, input from other source can also be used for making Bandwidth Management and determines: such as, security service can realize attempting to identify network intrusions or attack in some supplier's networks, such as distributed denial of service (DDOS) is attacked, and the alarm about possible attack can affect bandwidth restriction change or traffic classes definition.In at least one embodiment, it is provided that person's network can include by according to based on IP address or by according to the service of aggregation network flow tolerance based on client, for instance be used for managing and/or charging purpose, and these gatherings also can provide input to NCS.In some embodiments, the client of the service of one or more network-accessibles of supplier's network and/or manager can submit, to NCS, the request or other configuring request that bandwidth is relevant to, such as to overwhelm one or more Bandwidth Management parameters of particular instance main frame or network equipment, and these requests also can be facilitated in the NCS decision made.

Being at least partially based on these inputs, given NCS can determine that the various networked deployment options used at the given node place of supplier's network and/or program.In some cases, one or more overall and/or locally networked management strategy is also contemplated for when determining parameter.In one embodiment, it may be determined that the set of traffic classes or level, together with the various networked deployment options (such as bandwidth restriction, waiting time target or constraint etc.) of each being used for kind of apoplexy due to endogenous wind.In some implementations, plane classification (being equivalent to the level of only one-level) can be used, and in other implementation, be usable in the multi-level hierarchy between node not at the same level with mother child relation.In the description that follows, term as used in this article " level " is intended to single-stage or the multiclass classification of plane classification and instruction mother child relation.Except level, it is possible to determine the program (such as, by the sequence of the deciding step of application or rule) in order to any given network packet (or any suitable unit of data transmission) is classified in the one of kind of apoplexy due to endogenous wind.About traffic classes with by the information of logic or rule in order to flow cell to be mapped to kind in this article can together be called " traffic classification metadata " or " classification metadata ".Owing to main frame given at least some embodiment can include the combination of the Service Instance different from another main frame, and the networking requirements of the application realized at the Service Instance place of given main frame can apply the networking requirements at (at same main frame place or other main frame place) from other different, therefore the different sets of networked deployment parameter is suitably adapted for different main frame.Therefore, in at least some embodiment, can customizing classification metadata-such as at least some node, the classification metadata produced for a node (such as example host IH1) of supplier's network can be different from the classification metadata produced for different nodes (such as example host IH2).For the different sets of such as different node definition traffic classes, or different bandwidth restrictions or latency requirement can be set for same traffic classes, or at least some step of flow cell sort program can be different.In at least some implementation, for various network equipments (such as, for switch, router, gateway or load equalizer or for network-attached storage device) the networked deployment parameter determined can at least partly from the Bandwidth Management parameter of the host complexes being associated with device or affected by device obtain-such as, if the flow that particular switch is for being transferred into and out to eight main frames, then the bandwidth restriction of the switch of a certain traffic classes can limit from the bandwidth of eight main frames and obtain.

In various embodiments, can be different from each other in various properties for the traffic classes of given node definition by NCS.In one embodiment, can creating variety classes-such as the different sets of network endpoint, IP (Internet Protocol) address of flow destination (or source) may be used to sort out flow.In another embodiment, represent the kind of described application of application traffic flowing can be used for flow sort out-such as, the flow that data base is correlated with is placed in a kind apoplexy due to endogenous wind, and the flow relevant to high-performance calculation is placed in another kind apoplexy due to endogenous wind.In some embodiments, the aspect representing the budget that client produces the described client of flow and/or client or the contractual agreement reached with client may be used to definition traffic classes.In some embodiments that the service of multiple network-accessibles realizes in a distributed system, traffic classes can be defined based on the described service representing service generation particular flow rate unit.In various embodiments, if using the classification based on service and given bag to be associated with two or more services, if such as the database instance of representation database service transmits packet from storage service, so bag can be categorized as and belong to source service (that is, transmitting terminal) or destination's service (receiving terminal).In at least one embodiment, client can provide and can be used the instruction of one or more character so that flow cell to be classified-such as by networked deployment service, client can ask temporarily, at least some set of calculated examples to be identified as high priority example, and to or can correspondingly be categorized as from the flow of those examples there is the high-priority traffic that high bandwidth limits.

In some embodiments; NCS can use tree or similar hierachical data structure carry out the modeling of the traffic classes to given supplier's network node or represent the traffic classes of given supplier's network node, and wherein respective bandwidth restriction and/or other networked deployment option are assigned to each node of tree.In at least some implementation, bandwidth summation strategy can be applicable to classification tree.According to this strategy, if tree have child node C1, C2 ... the given parent node P of Ck has the bandwidth restriction of X bps, then with child node C1, C2 during preset time section ... the summation of the actual flow that Ck is associated is likely to limit less than the bandwidth of parent node.Consider example, wherein for the flow spread out of, the bandwidth restriction of P is set to 1 gigabit/second, and P has two child node C1 and C2, for the flow spread out of, the bandwidth restriction of each in child node C1 and C2 is also configured as 1 gigabit/second.If the flow being categorized as C1 flow in given period 0.6 second kilomegabit flows from example, then can permit the flow being categorized as C2 flow less than 0.4 kilomegabit, even if the indivedual limit for C2 definition are higher also so.Certainly, in various embodiments, summation strategy based on mother child relation is likely to uncorrelated or is not useable for the NCS some type of networked deployment option determined, such as waiting time constraint or target, quality of service goals, bag subsection setup, or the setting determined about bag size at least partly.

Outside representing traffic classes set except with tree or tree, in some embodiments, NCS also can produce the second data structure to by order to flow cell to be categorized into various types of Procedure modeling.In some implementations, the second data structure that can be called sort program figure can include determining one or more sequences of node, and wherein each successive nodes of given sequence indicates the one or more criterions in order to flow cell to be categorized into narrower kind.In at least one implementation, some in the decision node of sort program figure can include the look-up table (such as hash table) that can be used for selecting a kind from the selection of multiple kinds.Can based on the entity of look-up table is indexed by one or more character of the network traffics being classified unit-such as, part or all of destination or source IP addresses can be used for indexing, or a part for another packet head field or the content of main body even wrapped may be used to lookup particular items in table.In at least some embodiment, lookup table entries may result in again another sort program figure or subgraph.Therefore, in these implementations, the Given Properties of bag can first result in selection lookup table entries from some possible lookup table entries, and the process of the lookup table entries then selected may result in again the traversal of another set (itself can include other look-up table) determining node, finally end in the kind identifying bag.These program steps can be used in various embodiments to define quite fine fine granularity kind mapping graph for network packet and/or other flow cell, thus realizing the traffic shaping of complexity.In at least some implementation, different classification levels and/or program can be produced for flow that is incoming and that spread out of.

Traffic classes set that the metadata making generation includes having the networked deployment option being associated and in order to network traffics unit to be mapped to the logic of kind, in some embodiments, NCS can produce the portable expression of the metadata for transmitting the node to application metadata.For example, in various implementations, one or two composition of metadata can encode according to industry standard protocol or language such as JSON (JavaScript object representation), XML (extensible markup language), the YAML Serialization formats of some possible extension of " another kind of markup language " or " YAML is not markup language " (its initial have such as).In other implementation, proprietary coding techniques or agreement may be used to produce the portable versions of data structure.

Portable expression can transmit the destination node to supplier's network or distributed system, for instance to controlling/management module, such as can the network management module of program that indicated by programme diagram of analytic representation realization.Use the metadata received, at destination node place, various flow cell can be classified to suitable kind apoplexy due to endogenous wind subsequently, and can dispatch and/or regulate according to the networked deployment option (such as bandwidth restriction or latency requirement) indicated for its corresponding discharge kind or postpone the transmission of various network.Can, by the metric feedback of collection during these transmission to NCS, be enable to improve metadata in the time period subsequently.Therefore, feedback circuit can be set up between the node of NCS and the final decision realizing making at NCS place, thus allowing to dynamically adjust network management parameter in time.In various embodiments, these customizable traffic classifications and configuring technical is used can to make the centralized networked deployment system can at each several part place of supplier's network by flow-control be shaped as any desired particle size grade.

In various embodiments, various methods can be used for classification metadata is distributed to destination node.For example, in one embodiment, NCS can be configured to periodically each that classification metadata " propellings movement " has extremely been assigned with in the main frame of NCS and/or network equipment by (such as, at least every X minute once).In some embodiments, various types of triggering events (such as detecting possible network intrusions or attack) may result in the distribution of new classification metadata.For example, it is intended to alleviate or limit the impact attacked, it is possible to decrease the bandwidth restriction at some node set places, or definable has the New raxa of low bandwidth restriction, as further detailed below.In another embodiment, it is provided that at least some node of person's network can such as by sending metadata request to NCS and " pulling " traffic classification metadata as response reception metadata from the NCS of its appointment.In some embodiments, the push technology of scheduling can be used, based on the initial combination pulling technology of the distribution of metadata of the event of triggering and/or node.

In some embodiments, it is provided that person's network or other distributed systems can be organized into multiple geographic area, and each region can include one or more used vessel, and it is in this article also referred to as " available area ".Used vessel can include again one or more different position or data center, and it is planned in one way so that the resource in given used vessel and the inefficacy isolation in other used vessel.That is, it is contemplated that the inefficacy possibility in a used vessel will not to the inefficacy in other used vessel any in time or in cause and effect relevant；Therefore, the enabled mode of resource instances or control server is intended to independent of the resource instances in different used vessels or the enabled mode controlling server.Client can by start in corresponding used vessel multiple application example protect its application in case losing efficacy in single position.Meanwhile, in some implementations, cheap and low latency network can be provided between the resource instances resided in same geographic area to connect (and the network transmission between the resource of same used vessel can even faster).In order to realize required availability and/or performance rate for networked deployment system, in some of such embodiment, at least one networked deployment server can be set up in each available area.In some embodiments, at least one NCS can be set up in each data center.In some embodiments, performance requirement-such as can be at least partially based on by producing the bandwidth restriction of amendment and can determine the number of the NCS set up in given area, used vessel or data center in response to the rapid degree of the event of network attack or other triggering in the restriction of suitable node set place application amendment based on networked deployment system.

According to an embodiment, one or more routine interface (such as API (application programming interface), Web page, command-line tool, graphic user interface and analog) other service use for client and/or supplier's network can be realized by networked deployment system.In a this embodiment, as mentioned above, the client of various services or manager can submit to configuring request (such as bandwidth overwhelms request) to arrange or to change the networked deployment option of particular service instance or main frame.Some clients may want to such as increase the bandwidth restriction of (or reduction) at least some application at least some interval.In some embodiments, given client can be assigned with many Service Instances (such as hundreds of or several thousand calculated examples, storage example, database instance and analog), and client may want to obtain the up-to-date merging view of networking state (including arranging and analog application bandwidth restriction, waiting time) of its Service Instance subset.In some embodiments, the routine interface of networked deployment service may be used to such as by supplier's network-based control platform service or provide this unified view by the network view generator of some other merging.In some embodiments, routine interface also can be serviced (such as the example of the responsible example host identified will start new Service Instance places service) use by other.When particular instance main frame being considered as the candidate of new Service Instance, this places service can obtain information from the networked deployment service used on routine interface, the nearest bandwidth usage trend at such as candidate place, network transmit the current network bandwidth restriction set up or the waiting time setting of number of times adjusted recently and/or that example host, and use this information when determining the placement of new Service Instance.

Instance system environment

Fig. 1 illustrates the example of the system 100 according at least some embodiment, realizes centralized networked deployment service within system 100 to manage the network traffics at multiple node places of distributed computing environment.As indicated, the pond 182 of networked deployment server 180 (such as NCS180A and NCS180B) can be set up.In some embodiments, NCS180 can be distributed in the various data centers of computing environment, as illustrated in figure 2 with described below.Given NCS180 can such as include one or more software and/or hardware module in various embodiments, and multiple calculation element itself can be used in some cases to realize.NCS180 can be configured to receive input from several different types of sources.In the embodiment described, can by NCS based on input and/or in view of overall situation network management strategy 122 determines customizable traffic classification logic and the networked deployment option (such as bandwidth restriction) at the various element places by being applied to distributed computing environment.Service from the angle of networked deployment, can be three senior kinds by the part classification of distributed computing environment: measure relevant assembly 107, decision assembly 108 and realize assembly 109.Measure the various input sources that relevant assembly 107 can include NCS；Determine that assembly 108 can include NCS itself；And realize assembly 109 can presentation-entity, perform decision at entity place and come shaping network flow, or by determining that output that assembly produces is for other purposes.Can by the following feedback circuit set up and be similar to classical control system feedback circuit: obtain from some (such as the Service Instance main frames 144 and/or network equipment 145) realized assembly and measure and use those tolerance to determine the NCS180 decision being then made as, described decision can be implemented again, thus causing the extra measurement of the decision in future of impact in turn.

In the embodiment described, such as can collect the relevant tolerance of networking of some types by measuring catcher 125 from example host 144 and/or interconnection device 145, and described tolerance can be placed in the measurement database 190 that can be accessed by NCS180.For example, these tolerance may be included in the network traffics speed that is incoming and that spread out of at interim time given main frame place (such as, represent with byte or bag), corresponding to the number that the network of the such as various agreements of TCP (transmission control protocol) or UDP (UDP) connects, the number of bag declined in interim time and the reason of bag decline, the number of the bag that transmission postpones because implementing current bandwidth restriction, the distribution of the size of bag, represent the described application of the flow being applied to or occurring from given node, represent the described client of the initial flow of client, the IP address of the end points related in the waiting time and/or various transmission that are associated is delivered with bag.Except being stored in the tolerance in data base 190, NCS also can receive input from the source that additionally enters data to 110 (such as security service 111 or flow tolerance collector 112) of system 100.Security service 111 can be configured to the flow rate mode at each several part place of monitoring system 100 to detect network intrusions or to attack that (it is outside that some of them can originate from system 100, such as from each position in public the Internet, and other can originate from some in example host 144 itself).When suspicious traffic pattern being detected, for instance if exist be directed to the given network address suddenly and continue the high flow capacity broken out, then security service 111 may be notified that NCS180, and it can take alleviating measures.For example, NCS180 can produce to limit new traffic classes and the corresponding bandwidth of application, or changes the bandwidth restriction of existing kind, and by classification metadata transmission that is that newly revise or that produce to suitable main frame to limit the impact of possible security incident.The set of measurements synthesis bucket that flow tolerance collector 112 can will transmit from catcher 125, for instance the bucket according to IP address or the bucket according to client, and the expression of bucket can be supplied to NCS, and it is put into consideration when making networked deployment and determining.

In the embodiment depicted in fig. 1, client overwhelms request 130 and/or manager overwhelms request and 131 also can work in the NCS180 decision made.For example, based on global policies 122 and other tolerance, NCS180 can determine that the bandwidth restriction of the given flow kind C1 at example host 144 place will be set to 2 gigabit/second for the following time interval just considered.But, calculated examples can submit the request of the bandwidth of 5 gigabit/second for this calculated examples just in the client of this example host place instantiation, or the manager of service realized at this example host place can submit the request that bandwidth is limited to 1 gigabit/second to, and these requests can be made for overwhelming other factors by NCS in the embodiment described.In embodiment client charged according to the bill amount of the network traffics proportional to the amount representing the flow that client is caused, some clients may want to its bandwidth is used apply the upper limit to control cost, and these upper limits may also indicate that the example of the request of overwhelming 130.

According to some embodiments, given NCS180 can produce traffic classification metadata for the one or more example host 144 and/or network equipment 145 being assigned with NCS.In at least some embodiment, it is possible to produce classification metadata for storage device (such as network-attached storage (NAS) device).Metadata can include the level of one or more levels traffic classes, it is represented by such as data tree structure, and each node wherein set represents corresponding discharge kind and has networked deployment option or arrange the set being associated of (such as bandwidth restriction or latency requirement).In some embodiments, flow summation strategy can be applicable to classification tree, and described by Fig. 5, according to flow summation strategy, the actual flow speed being expressed as the traffic classes of the child node of parent node may not exceed the bandwidth restriction of parent node.In some embodiments producing corresponding classification tree for each example host 144, host-level classification tree can be combined into chassis level tree or even data center's level classification tree by NCS180, described by Fig. 6.These higher trees can be used, for instance, with in order to obtain the wider angle to network traffics stream, and/or in order to make than according to example host or according to the decision of the possible higher level of network equipment.

Except classification tree, in the embodiment described, traffic classification metadata may also comprise in order to network traffics unit (such as bag) is mapped to the program of the various kinds of definition in classification tree.Program step can represent the decision node that (such as) is programme diagram.In some implementations, preset sequence figure can include one or more decision sequence node, and wherein successive nodes includes the instruction of the criterion in order to make network traffics unit mate with in succession narrower traffic classes.In at least one implementation, some determine that node can include look-up table, such as hash table.Use this look-up table node, can use single node of graph that given bag or flow cell map to the one in many variety classeses, thus reduce size and the complexity of programme diagram.In some cases, look-up table node entries may act as the pointer of other programme diagram or subgraph, so that fine-grained sorted logic or criterion can be used.Incorporate the programme diagram of look-up table and determine that the example of node is shown in Fig. 6 and Fig. 7 and detailed further below.In at least some embodiment, except being distributed to suitable example host 144 and/or network equipment 145, classification metadata is storable in taxonomy database 192.

According to some embodiments, the metadata produced at NCS180 place can be transmitted to its intended destination via compartment system 127.In some implementations, compartment system 127 itself can include multiple intermediate node, and intermediate node can also be used for the various nodes of other type of meta-data distribution to system 100, and such as routing iinformation and/or access control list.It is used as in the embodiment of thesaurus of produced metadata data base 192, can such as notify (such as, pass through subscription informing mechanism) node when more new database 192 of compartment system 127, and new metadata correspondingly can be sent to suitable destination by the node of compartment system 127.In some embodiments, the agreement of such as JSON, XML, YAML or proprietary technology or language can be used to produce the portable expression of metadata (such as, classification tree and program) by NCS itself or by compartment system 127.In one implementation, portable expression is storable in data base 192.It is located in purpose, such as can resolve, by the network management module of virtual management software stack, the metadata received when example host 144 and represent, as illustrated in Figure 3 and detailed further below.

In one embodiment, one or more API server 170 can be set up to dispose the request being directed at NCS180 place from other output destination 150 realizing subsystem 109.For example, one or more servers can be configured to merge network view generator 152, to provide the unified view of the networking state of the selected part of distributed environment to client.In one implementation, for example, client can be assigned the hundreds of at various example host place or several thousand Service Instances, thereby increases and it is possible to can check various types of tolerance (such as recently incoming/flow rate, the packet rate of decline, the restriction of applicable bandwidth and analog of spreading out of) of the example via the control station that View Generator 152 realizes.In at least one embodiment, placement service 151 is likely to and enough accesses network bandwidth restriction and other tolerance via API server 170 from NCS, this can help to make the decision about the example host that will be used for the new Service Instance started, or contributes to being moved by existing Service Instance to having the example host that less bandwidth connects.

Fig. 2 illustrates the example of the supplier's network environment according at least some embodiment, sets up corresponding networked deployment server in this context in each in some used vessels.As indicated, in the embodiment described, it is provided that person's network 202 can include some used vessel 203, such as 203A, 203B and 203C.Each used vessel can include again one or more data center 205, the data center 205D in data center 205A and the 205B in such as used vessel 203A, the data center 205C in used vessel 203B and used vessel 203C.As described previously, each used vessel 203 can design by a kind of mode and plan (such as, there is infrastructure components independent accordingly, such as power supply, and between different used vessels, there is a certain geographic distance) so that the impact of the various types of failure event in any given used vessel can be normally limited to this used vessel.Therefore, lost efficacy and/or mistake was likely to the typically not used vessel border that extends across, and it is believed that different used vessel had independent failure mode or independent enabled mode.Even if given used vessel suffers such as natural disaster, then it is contemplated that other used vessel remains operation.

With avoid or reduce cross over used vessel dependent design object keep consistent, in the embodiment described, at least one NCS180 can be set up in each used vessel 203.For example, NCS180A and 180B is built up in data center 205A and the 205B of used vessel 203A respectively, and NCS180C is based upon in the data center 205C of used vessel 203B, and NCS180D is arranged in the data center 205D of used vessel 203C.NCS180A can be configured to produce the example host 144A of the service (such as virtualization calculates service or storage services) of the one or more network-accessibles for the realization of heart 205A place in the data and for being arranged in the classification metadata of the network equipment 145A of data center 205A.Similarly, NCS180B can be assigned and produce the task for example host 144B and the classification metadata of network equipment 145B, NCS180C can be responsible for producing the classification metadata for example host 144C and network equipment 145C, and NCS180D can be arranged to and produce the classification metadata for example host 144D and network equipment 145D.Although in the embodiment illustrated by Fig. 2, single NCS is shown in each data center 205, but at least some embodiment, multiple NCS can be built up in data-oriented center 205 (depend on such as performance requirement and/or in the data heart place must produce the interstitial content that metadata is targeted).In one embodiment, if used vessel (such as 203A) includes N number of data center, and the performance requirement of Bandwidth Management can by meeting less than N number of NCS, so some data centers are without being configured with any NCS-alternatively, and single NCS can meet the needs of more than one data center.In other embodiments, given NCS180 can be configured to produce the metadata of the node for more than one used vessel place.

In the embodiment described, the number of NCS180 and placement can be determined by networked deployment service managerZ-HU 222.In some implementations, NCS manager 222 itself can include multiple hardware and/or component software, and some of them may span across the data center 205 of various available area 203 and are distributed.In the embodiment described, the configuration change of NCS180 can by NCS manager as required initial-such as, when by when disposing the redaction of the software module used by NCS, deployment can be coordinated by NCS manager.

In the embodiment described, it is provided that other services some of person's network can with networked deployment system interaction.For example, unified control station service 278 can realize one or more routine interface 240 (such as Web page, API, GUI and/or command-line tool), and it makes client 265 can programmatically submit the inquiry of networking state about paid close attention to resource to and receive requested information.Unified control station service 278 can represent the example merging network view generator 152 of Fig. 1.Routine interface 240 also can enable the client to submit configuring request-such as to, and at the appointed time section raises or reduces the current applicable bandwidth to various Service Instances or example host and limits.

In some embodiments, device Health management service 276 can realize at supplier's network 202 place collecting (such as, using heartbeat mechanism) response message from various example host and network equipment.In the embodiment described, Health management service 276 can also be used for such as collecting, by incidentally networking tolerance in health status message, the tolerance that the networking of the input that will act as NCS180 is correlated with.Therefore, the node of Health management service 276 can be considered the example of tolerance catcher 125 illustrated in fig. 1.In some embodiments, Health management service also is used as meta-data distribution system 127-such as, and the heartbeat message sending extremely various example host can include classification metadata incidentally.DDOS detection service 274 can be configured to such as by detect or from the uncommon high flow rate mode of given IP address set detect the Denial of Service attack at target place in supplier's network and/or be likely at external object place from the Denial of Service attack initiateed in supplier's network 202.When identifying possible dos attack, DDOS detection service 274 can provide the input about possible network attack or invasion to suitable NCS180, this may result in NCS180 and regulates bandwidth restriction for some example host or network equipment or temporarily, at least change other networked deployment option, to make great efforts to alleviate the impact of possible attack.Example place service 272 can from NCS180 obtain recently can the relevant tolerance of networking and configuration the example host selecting have the enough excess bandwidth that can be used for starting new example is set, or select in view of the network traffic condition changed existing example should be moved to example host.

The classification metadata at example host place uses

As described above, in various embodiments, networked deployment server can by the example host representing the transmission extremely service of various network-accessibles of traffic classification metadata.Fig. 3 illustrates the example of the cluster manager module according at least some embodiment, and it can interpret the traffic classification metadata that virtualization calculates example host 144 place of service.Example host 144 can include can instantiation and the virtual management software stack (VMSS) 310 managing some addressable virtual machines of different clients or calculated examples 350 (such as calculated examples 350A and 350B).VMSS310 can include the admin instance of such as management program 317 and operating system 315, and operating system 315 can be called " zero territory " or " dom0 " operating system in some implementations.Dom0 operating system possibility can not by representing the described client-access that client calculated examples 350 is run, but be alternately responsible for the various management of virtualizing operating systems or control plane operations, it is directed to calculated examples 350 or the network traffics from calculated examples 350 guiding including disposing.

In the embodiment described, dom0 operating system 315 can include various control module, and it includes and include the cluster manager assembly 357 of classification metadata interpreter module 359.Cluster manager assembly can receive the classification metadata produced by NCS180 for example host 144, it may for example comprise the expression of above-described classification tree and/or sort program.Interpreter 359 can resolve metadata and the program indicated in metadata is applied to the flow bag being directed to various calculated examples 350 or leading from various calculated examples 350.For example, the bandwidth in order to realize various traffic classes limits, configurable one or more examples bag queue (IPQ) 319 (such as, IPQ319A and 319B).If the flow rate that is particular kind of incoming or that spread out of at particular instance 350 place exceedes the bandwidth restriction of this kind during given interval, then some in bag that is incoming or that spread out of can be queued up in the IPQ319 of this particular instance.In some implementations, can the more than one bag queue of instantiation for given calculated examples, for instance, each traffic classes can set up a bag queue.In other implementation, single bag queue can meet the needs of the bag of the queuing being associated with multiple examples 350.In various embodiments, IPQ or other similar structure also may be used to realize other networked deployment option according to from the NCS metadata received, such as latency requirement, other quality of service goals (such as, the relative priority of the network transmission of different flow kind), bag subsection setup or depend on the setting of bag size.

As indicated, in the embodiment described, each calculated examples 350 can include the addressable operating system 370 of client of correspondence, the OS370B of the OS370A and calculated examples 350B of such as calculated examples 350A.Operating system 370 can each include the networking stack 372 of their own (such as, the networking stack 372B of the networking stack 372A and example 350B of example 350A), it can communicate the hardware network interface using example host 144 for being transferred into and out flow with cluster manager 357.From representing the angle that client realizes the described client of calculated examples 350, each example seems it can is the server of complete function, and client may not realize that the networked deployment technology used realize details (such as the queuing of the bag at IQP place).It should be noted that, technology for interpreting and use the classification metadata similar with classification metadata illustrated in fig. 3 can also be used for the example host of the virtualization services of other type of network-accessible in various embodiments, such as various types of storage services or database service.It shall yet further be noted that in some embodiments, classification metadata can be interpreted at least partially in networking stack 372 place of example 350 and/or use, and cluster manager 357 place to be alternative in or to be added to VMSS310 is interpreted and/or uses.

Metadata transmission mode

In various embodiments, according to different agreement or transfer mode, the expression of the metadata produced by NCS180 can be provided to target, such as example host 144 or interconnection device 145.Fig. 4 a to Fig. 4 c illustrates the respective instance of the agreement according at least some embodiment, and described agreement may be used to traffic classification metadata transmission to example host.In various embodiments, one or more routine interfaces may be used to provide other node to example host or distributed system by metadata, and wherein the receptor of NCS or metadata is according to the agreement calling interface used.

In the embodiment shown in Fig. 4 a, can via " propellings movement " operation 401 of the scheduling initial by NCS180 by classification metadata transmission to example host 144 (or network equipment 145 or storage device).For example, each NCS may be configured with corresponding scheduling, NCS will according to scheduling transmit metadata to given metadata target (such as, per minute once, or every five minutes once).In some implementations metadata can be interleaved to from given NCS transmission to the actual time of different target the network blockage avoiding itself being caused by metadata transmission.For example, if once metadata being pushed to six example host from given NCS by per minute, then the metadata transmission of each being dispatched in example host can be separated ten seconds.

In the embodiment shown in Fig. 4 b, triggering event may result in metadata and is transmitted.For example, event detector 421 can notify that NCS has detected that the event of such as possible DDOS detection, and NCS can then produce suitable metadata to alleviate the impact of event.For certain form of event, as long as metadata one produces in some embodiments, it is possible to the propelling movement 402 of the triggering of the initial produced metadata of high priority, to attempt as rapidly as possible in response to event.For other type of triggering event, for instance, if manager submits the request overwhelming the previously metadata of generation to, then without immediately or push metadata with high priority.

In Fig. 4 c embodiment described, example host 144 can submit, to BA180, the request 403 that pulls for nearest classification metadata to, and metadata can correspondingly send to example host in response 404.In various embodiments, can for example host 144, for network equipment 145 or use the combination of any one in the three kinds of methods illustrated in Fig. 4 a to Fig. 4 c for storage device.In at least one embodiment, differential technique-it is to say, the expression of the difference between only current meta data and the metadata provided recently can be sent to example host, network equipment or storage device can be used when transmission unit data.In other embodiments, whole metadata can be transmitted in transmitting every time.

Classification tree

Fig. 5 illustrates the example of the classification tree data structure 501 according at least some embodiment, its network traffics kind that may be used to represent the networked deployment at the device place of distributed system.Each node of tree 501 can have the networked deployment option of the kind represented for node or arrange the set being associated of (such as limiting for the respective bandwidth of each node specification in Fig. 5).Can be applicable to that other example of the networked deployment option of each node can include bag latency requirement or target, other quality of service goals (such as the relative priority of different flow kind), bag segmentation/refitting arrange or depend on the configuration of bag size and arrange.Traffic classes-such as can be defined in various embodiments based on the difference of multiple character, kind based on the application being associated with flow, assembly is in the service of transmitting terminal or receiving terminal, the network address (itself may indicate that application type in some cases) of involved end points, transmit size, represent client and produce the described client of flow, end points position relative to each other is (such as, for the bag spread out of from supplier's network node, destination is at local data center, locally available container, local zone, in another region of supplier's network or supplier's network-external) etc..In illustrated classification tree 501, for example, node 504 represents the flow of class application (high-performance calculation), node 520 represents data base's flow, and node 506 represents high-performance block storage flow (that is, be configured to support the flow that the block storage device of high input/output speed is associated).In data base's kind that node 520 represents, definition is for three nodes of location-based subcategory: the node 522 for the flow in data center, the node 524 for the flow in region and the node 526 for extra-regional flow.

Including in the embodiment of bandwidth restriction at the networked deployment option defined for various species, the tactful or various rule of flow summation can be applicable to classification tree, thus management and control child node is relative to the relation between the bandwidth restriction of parent node.In illustrated example, following rule can be applied: does not have child node can have the bandwidth restriction of the bandwidth restriction exceeding its parent node in (a) tree, although (b) summation of the bandwidth restriction of the child node of parent node can exceed the bandwidth restriction of parent node, but at any given time during section, the summation of the actual flow speed of the kind that child node represents may not exceed the bandwidth restriction of parent node.

According to these rules, owing to root node (collectively representing for producing the targeted example host of classification chart or all traffic classes of network equipment definition) has the bandwidth restriction of K gigabit/second, therefore in the child node of root node, neither one can have and limits more than the bandwidth of K gigabit/second；Therefore A < K, B < K, C < K and D < K.When node 520, the bandwidth restriction of child node (node 522,525 and 526) has been designated as the bandwidth restriction adding up to parent node, and therefore above-mentioned two rule is all satisfied.When representing node 530 of general " other " traffic classes of the bandwidth restriction with D gigabit/second, child node 532 (other block storage flow), 534 (the Internet traffic), 536 (in service flows) and 538 (not being by mixing of representing of other leaf node any or non-classified flow) each also have the bandwidth of D gigabit/second and limit.Can according to this situation of Second Rule description below listed above, the summation (being 4D gigabit/second in this case) of the nominal bandwidth restriction of its child nodes exceedes bandwidth restriction (D gigabit/second) of parent node.Although each planting apoplexy due to endogenous wind of child node can have the flow rate of up to D gigabit/second in principle, but actually, in period any given second (or other reasonable time unit), the summation of the actual flow stream of all child nodes is less than D gigabit/second.Therefore, if the flow rate of kind " other block storage flow " (node 532) is 0.6D gigabit/second during specific second, then the flow rate of node 534,536 and 538 combination is likely to not allow more than 0.4D.

In some embodiments, the NCS180 corresponding tree of flow that is incoming and that spread out of generation for given example host or network equipment place can be passed through, and at networked deployment option and/or kind apoplexy due to endogenous wind, the tree of incoming traffic can be different from the tree spreading out of flow.In some embodiments, some or all of nodes for classification tree, can for bandwidth duration (being such as employed to average so that the bandwidth in the time period more than the T second to be used) with for breaking out bandwidth (such as, the short-term outburst flow rate that can allow 4 gigabit/second for given example host lasts up to 2 seconds, even if the bandwidth duration restriction of this example host is set to 1 gigabit/second) definition difference restriction.As previously pointed out, in some implementations, the traffic classification level of given example host, network equipment or storage device can be plane rather than include multilamellar.

In some cases, from management view, the tree that the classification tree of the different entities of distributed system is combined into higher-order can be useful.Fig. 6 illustrates the example according to the hierachical data structure 601 of at least some embodiment, and it may be used to the network traffics kind of information of multiple example host of data splitting center.As indicated, corresponding classification tree (C tree), such as C tree 601A, 601B, 601M and 601N can be produced for many example host at place of data center.In the embodiment described, data center can include the multiple server racks being arranged in some not chummeries.NCS can assemble the C tree of the example host being incorporated in given frame, thus forming chassis level C tree, and such as 603A and 603B.At the next stage assembled, such as can combine to the chassis level C tree 603 of the institute's organic frame booked room or in the subset of data center with the form of room-level C tree 605A or 605B.In some embodiments, can integrally create for data center and single to synthesize tree 607 by combining room-level tree.In some embodiments, more senior tree level can be built, such as integrally be in the grade place of used vessel, geographic area or supplier's network.

These synthesis tree levels can help the networked deployment systems and management person of supplier's network in a number of ways, and the customizable visual representation particularly in level programmatically can by the implementation aspect of (such as, via unified control station service).Can using the consistent or inconsistent general introduction that the bandwidth at the different piece place of these levels acquisition data center or supplier's network uses, this may result in again configuration or places change with improvement or balance network utilisation level.When checking these more senior levels, available bandwidth also can become apparent from the distribution of different flow kind apoplexy due to endogenous wind, this can help to again carry out price change (such as, the price of the flow relevant to more popular kind increases), and price changes the income contributing to improving supplier's network.The service of placement also can such as be determined by chassis level bandwidth and use and benefit from more senior tree level, it is determined that chassis level bandwidth uses and can help to select suitable example host into new Service Instance.

Sort program figure

As described above, at least some embodiment, networked deployment server can determine that and may be used to be categorized as network traffics unit (such as bag) step for given example host or the program of the kind of network equipment definition or rule.Fig. 7 illustrates the example of the flow program Figure 75 0 according at least some embodiment, and it can make the kind for determining network traffics unit together with classification tree.This Figure 75 0 can include multiple decision node, indicates the corresponding set of the sorting criterion of network traffics in each in these nodes.In at least some embodiment, at least determining that the subset of node can be arranged by sequence, wherein the successive nodes of sequence is corresponding in succession narrower kind.For example, in the sequence of node 701,702 and 703, with in node 701 instruction criteria match flow subset can with node 702 in instruction criteria match, and with node 702 in instruction criteria match flow subset can with node 703 in instruction criteria match.If the criterion that given network traffics unit ends at the final node with sequence is not mated, it would be possible that different sequences must be used to assess this flow cell-such as, if wrapping the criteria match (as indicated by about the result "Yes" of node 701 and 702) with node 701 and 702 but do not mate (as indicated by about the result "No" of node 703) with the criterion of instruction in node 703, then then possibility must using the sequence of node 704 and 705 to assess bag.

In general, if all criteria match of given flow unit and given sequence node, so can determine that its kind-such as, if meeting the criterion of node 701,702 and 703, then kind C1 bag can be classified as, if meeting the criterion of node 707 and 708, so can be classified as kind C6 bag, if meeting the criterion of node 706, then kind C5 bag can be classified as, if or meet the criterion of node 709, then kind C7 bag can be classified as.In various embodiments, in given node, the criterion of instruction can represent according to the various character of network traffics unit.For example, the content (such as source or destination IP address, port number or the networking protocol used) of one or more headers of bag may be used to determine its kind, maybe can use the content of main body.In the embodiment described, each planting apoplexy due to endogenous wind that given flow unit is categorized into by program can be used to may correspond to the corresponding node of the classification tree also produced by NCS.

At least in principle, at least some embodiment, any fine granularity criterion can be used for bag classification, and can produce to determine the arbitrarily long sequence of node.For example, sorting criterion can based on the very specific content (such as, whether specified byte scope " 0xff " occurs at the skew O1 place of bag) of bag main body, or based on wrapping or the combination in any of header content, etc..In order to reduce size and the complexity of sort program Figure 75 0, the decision node with multiple possible outcome can be used in some embodiments.For example, the node 705 including look-up table 770 includes in programme diagram 750.This look-up table each can include multiple row, wherein a line can index based on the character (the destination IP address such as wrapped) of given flow unit or select wherein a line reach classification and determine.In the example of node 705, classification decision is that bag belongs to kind C2, C3 or C4.In other cases, classification decision can be use extra to determine that sequence node assesses bag-such as, and lookup table entries may act as the pointer of other classification chart or subgraph.

Fig. 8 illustrates the example of the use of the look-up table node 805 of the traffic classification programme diagram according at least some embodiment.In the embodiment described, hash function 850 can be applicable to a part for network packet 810 and identifies in order to the entry by the look-up table 770A of the node 805 of bag classification.Look-up table node 805 itself can have been arrived in some cases, i.e. before application hash function 850, be likely to have been for bag 810 carry out the classification of at least a certain grade after other decision node of appraisal procedure.Bag in the example described is the departures bag 801 with destination IP address " P.Q.R.S ", and the third element " R " of four elements of destination IP address as hash function 850 input with determine corresponding to bag 810 lookup table entries.In various embodiments, any one in the properties of bag 810 can be used as the input of this hash function, including the value of the such as other parts of destination IP address or source IP addresses, the value of other header fields 802 or the content of main body 803 even wrapped.In some embodiments, about which character of bag by order to select the rule of lookup table entries and the control module to destination apparatus (such as example host or network equipment) place can be provided by NCS180 together with classification metadata by the function (such as hash function 850) being applied to character.

In some cases, selected lookup table entries (such as, as the result of the hash of destination's IP address element) can directly indicate the traffic classes of corresponding bag.For example, the one in the element of look-up table 770A is selected to cause kind A in fig. 8.Other entry of look-up table itself may act as the pointer of additional programs figure (Figure 88 0A and 880B of such as Fig. 8), it may be necessary to navigation additional programs figure determines node to determine the kind of bag 810.Because these the additional programs figure arrived from the criterion of the node evaluation of different figure are in this article also referred to as subgraph.In the illustrated case, if hash function 850 causes an entry of 770A, so determine that node 851,852 (itself being the node including look-up table 770B) and/or 853 criterions indicated are likely to needs evaluated, if and hash function 850 causes the different entries that select look-up table 770A, then determining that the criterion of node 854,855 and/or 856 instruction is likely to must be evaluated.In the example of Fig. 8, if arriving programme diagram 880B, and meet the criterion of instruction in element 854 and 855, for example, so bag 810 can be regarded as belonging to traffic classes L.Look-up table 770 is incorporated to the quite compact expression that can allow traffic classification logic to the various nodes of sort program Figure 75 0, is also even so when complicated fine granularity logic is used for classifying.

The response to the event of triggering of the networked deployment system

In some embodiments, as described previously, the event that may be in response to such as detects and can be detrimental to harmful event (such as network attack or invasion) and make Bandwidth Management and determine.When configuration of networked configures system (such as, how many NCS should be set up in the particular subset of distributed system determining, or when networked deployment system needs what kind of computing capability and meta-data distribution ability) it is contemplated that factor in one can be the desired response to these events.Fig. 9 illustrates the example of the response tolerance according at least some embodiment, and it may be used to determine the value of one or more parameters that networked deployment services.

Example timeline is shown in Figure 9, and wherein time value from left to right increases.At time T1, as indicated by square frame 902, it is achieved the security service of the distributed system that centralized networked deployment is targeted detects possible network attack, such as DDOS attack.Possible attack can be identified based on the one or more nodes being such as directed to distributed system or the increasing suddenly of flow rate led from one or more nodes of distributed system.This attacks and can be directed at the one or more targets (such as just using the e-commerce website that the calculated examples set of supplier's network realizes) in distributed system or the one or more targets outside distributed system (such as, the request of repetition can send to external website from the calculated examples set of supplier's network at the high velocities).In some cases, flow increases can be because rational reason, such as the interest of the product sold on website is broken out suddenly；But, in many embodiments, security service can adopt the analytical technology of complexity to reduce the probability of this wrong report.

No matter actually whether possible attack attacks, in the embodiment described, networked deployment system can be configured to such as by producing new classification metadata and/or new config option (such as bandwidth restriction) for the suitable node of distributed system, and apply new metadata as rapidly as possible and respond.As indicated by square frame 904, time T2 in the timeline described can produce the metadata of the amendment for node set.For example, if be detected that can represent and be derived from IP address K.L.M.N and be directed at the flow of DDOS attack of departures of IP address E.F.G.H, then be responsible for the NCS of those IP address applications bandwidth restriction can be produced new metadata.New metadata can such as simply to sending from K.L.M.N or applying new bandwidth restriction (temporarily, at least) at the E.F.G.H all flows received.Or, specifically can define one or more new traffic classes for the flow flowing to E.F.G.H from K.L.M.N, and can produce and spread for the restriction of those particular kind of bandwidth.

The classification metadata of amendment can be distributed to suitable example host or other node, and can come into effect by the time T3 in the example timeline of Fig. 9, as indicated by square frame 906.(in a certain time after a while, can again revise classification metadata, for instance, if network attack terminates or if it find that seems that the flow that instruction is attacked is rational.) such as can follow the tracks of the networked deployment service response to these triggering events in time by networked deployment service managerZ-HU 222, as such as indicated by interval (T3-T1), and described response may be used to the various character of number or the meta-data distribution system adjusting the NCS adopted.

The method realizing the service of centralized networked deployment

Figure 10 illustrates being performed with the flow chart of configuration and the operating aspect of the assembly initializing networked deployment service according at least some embodiment.As indicated by element 1001, can such as in view of global bandwidth management strategy, the availability realizing the targeted service of networked deployment and/or performance requirement be to determine the various initial or default parameters of service.These parameters can include (such as): by the number of NCS180 of configuration in each used vessel or each data center, metadata delivery scheduling and agreement (such as, whether the push protocol that the initial metadata of NCS transmits will act as acquiescence, or whether use-case main frame requests classification metadata on demand is pulled agreement), may result in the output destination that the result that the type of additional triggers event that metadata transmits, the input source of NCS and/or NCS determine is supplied to.

In at least some embodiment, it may be achieved the set (element 1004) of routine interface, so that client and/or manager can optionally overwhelm the decision of NCS.For example, in one embodiment, can allow some clients submit to request with by various bandwidth restriction increase to NCS select bandwidth restriction on (such as, the increase of forecast based on application workloads level), or submit to request the upper limit that the bandwidth of some traffic classes limits to be arranged under the confirmable bandwidth restriction of NCS (such as, to make great efforts to reduce the bill cost that flow is relevant).Also can support from client and/or the gerentocratic configuring request to various other type of options (such as to waiting the setting of time correlation, service quality setting etc.).

Can according to the parameter determined in the operation corresponding to element 1001 at select location (element 1007) an appropriate number of NCS180 of place's instantiation.Network connectivity (element 1010)-such as can be set up between NCS and distributed system or other elements various of supplier's network, NCS and made by NCS determine by between example host 144 and other network equipment 145 at the place that comes into effect, NCS and entering data between source of affecting that NCS determines, and between NCS and any output destination interesting for constantly obtaining networked information from NCS.In at least some embodiment, such as TLS (Transport Layer Security), the network that the safe networking agreement of SSL (SSL) can be used between NCS with at least some in other element of distributed system are connected.

Figure 11 illustrates being performed with the flow chart of generation and the operating aspect of the traffic classification metadata of distribution networked deployment service according at least some embodiment.In the embodiment described, NCS can adopt iterative method, wherein during each iteration, input set is share to determine and is distributed to and is applied to destination node (such as, example host) the network management parameter of set place, and then from destination node and other source collection tolerance with feedback using the input as impact or the parameter determining following iteration.As shown in element 1101, given NCS can receive the metric set that network that the various nodes (such as example host and/or interconnection device, such as switch, router, gateway and analog) from distributed system obtain is relevant during given interval.These tolerance that can such as include the flow rate that is incoming and that spread out of of measurement, packet loss, bag throttle rate etc. may be used to be produced the following iteration of traffic classification metadata by NCS.In some cases, via the node (such as, for instance the node of health monitoring service) of tolerance collection system, tolerance can be provided to NCS.It addition, in the embodiment described, NCS also can obtain various input from other input source (including safety-related service, the flow collector according to IP address, the flow collector according to client and analog).Client and/or manager also can submit configuring request to NCS, such as increased or reduce the request of the bandwidth restriction being previously applied to one or more traffic classes by NCS, and input when these configuring request also are used as the following iteration determining traffic classification metadata.

In the embodiment described, at NCS place, tolerance and the input received may be used to such as in view of overall and/or locally networked management strategy is to determine traffic classification metadata (element 1104).Global policies for example, may indicate that the target exploitation restriction of each several part of networked infrastructure, processes the fairness requirement of flow from the different clients having been for the signature of similar service grade, will give the relative priority of the network traffics of the service of different network-accessibles being just implemented, etc..Local policy may indicate that the rule being applied to given used vessel or data-oriented center, and the networked infrastructure at given used vessel or data-oriented center can be such as different from the networked infrastructure of other used vessel or data center and ability with ability.The classification metadata produced for the given destination node of distributed system can include by the traffic classification level that uses at destination node (such as, can use and be similar to the level that the data tree structure shown in Fig. 5 represents), with by the program of the kind in order to network traffics unit to be categorized as in level definition or regular collection (such as, use be similar to the program represented of the figure shown in Fig. 7).For each traffic classes of definition in level, also can determine that the networked deployment option of such as one or more correspondences of bandwidth restriction, such as arrange for the bandwidth restriction of average discharge definition and different bandwidth restriction, latency requirement, the requirement depending on bag size or the priority defined for short-term outburst.In some cases, the corresponding set of kind and/or option can be defined for flow that is incoming and that spread out of.At least in some embodiments, classification level and/or program-such as can be customized for different instances main frame and/or network equipment, the given main frame H1 being used for a set of client application can have traffic classes and the different bandwidth restriction of applying in those kinds of the definition different from another main frame H2, is just realizing the different sets of client application at main frame H2 place.

In the embodiment described, the corresponding portable expression of traffic classification level and sort program can be produced at NCS place or encode for transmission to destination node (element 1107).Industry standard protocol or the language of such as JSON, XML, YAML or fellow can be used in some implementations, and proprietary encoding scheme can be used in other implementation.Portable expression can be transmitted to application or the target (element 1110) using metadata.In at least one implementation, single or assembly coding can be used for classify kind and program, and in other implementation, classification kind and the corresponding of program can be used individually to represent.In some embodiments, difference metadata transmission technology can be used, wherein such as only metadata be sent to target from this part changed since preceding iteration.In other embodiments, complete transmission method can be used, wherein can transmit whole metadata in each iteration.In various embodiments, the propelling movement that can use scheduling is transmitted (wherein NCS pushes metadata to target on one's own initiative), is pulled the metadata that transmission (wherein NCS transmits classification metadata in response to the request from target) and event trigger to transmit the combination of (wherein detecting that certain form of event causes that NCS produces and/or transmission unit data).Having sent to after suitable target in the metadata for given iteration, NCS such as can start forward its following iteration by repeating the operation corresponding to element 1101.

At the destination node place of distributed system, control module (all cluster managers 357 as shown in Figure 3) can be configured to receive and interpret metadata table and show.Metadata may be used to sorter network flow cell (such as bag), and apply corresponding bandwidth restriction and dispatch and/or regulate the transmission (element 1113) of flow cell.In some implementations, available on node operating system utility program or instrument (such as " tc ") may be used to realize the NCS logic produced.In other implementation, Customization Tool or utility program can be used.Can such as use various executing means and analog to collect tolerance from destination node, and tolerance is used as the input of NCS.

Figure 12 illustrates the flow chart being performed in response to change the operating aspect of network management parameter in triggering event according at least some embodiment.As shown in element 1201, the event of the amendment that may result in traffic classification metadata can be detected, such as possible DDOS attack.In some embodiments, it is provided that person's network can be set up one or more security service and identify the suspicious traffic pattern indicating various possible attacks, and this service can communicate with networked deployment system.In the embodiment described, can such as by this security service, combination by NCS or by security service Yu NCS identify (element 1204) distributed system can under fire affect maybe can facilitate attack specific node (such as, example host and/or network equipment, such as switch, router and analog).

The set that can produce the amendment of traffic classification metadata at NCS place alleviates the impact (element 1207) of attack.Amendment can include the new traffic classes (such as, based on sending and/or receiving the specific address of node involved by suspicious traffic) such as defined, and/or the new bandwidth of application is limited or other networked deployment option.New metadata can then transmit the selected node set to distributed system, it can include attacking specific node that is involved or that be in target of attack and/or other node (network equipment of the centre in the path such as, advanced) along suspicious traffic in some embodiments.

Can measure and recording responses is in trigger condition institute's time spent, for instance situation and the interval (element 1210) applied between new metadata be detected.As time go by, the effect that can analyze the measure that networked deployment system trend and/or networked deployment system to the response of the event of these triggerings is taked determines the need for carrying out configuration change (element 1213).If such as finding response not, so can carry out any one in some configuration changes: such as, the number of NCS can be increased, the connectivity between event detector and NCS can be improved, meta-data distribution system can be strengthened, and/or the logic that can revise NCS or destination node place is come more efficiently in response to the event detected.

Figure 13 illustrates the flow chart of operating aspect being performed unified view to provide from networking related status information to the client of distributed system according at least some embodiment.As shown in element 1301, one or more routine interface (such as Web page or control station, API, GUI or command-line tool) can be set up for providing the unification of the networking state of various distributed system resources paid close attention to and customizable view to client.For example, client can be assigned with virtualization and calculate a large amount of calculated examples of service, and can wish in the end 15 minutes to find which particular instance is affected by bandwidth adjustment.Routine interface can enable a client to use various filter to specify shown networking character and/or the resource collection targeted by showing character.

Can asking through thus interface networking state, it indicates the tolerance and resource (element 1304) paid close attention to.Networked deployment system can such as from measurement database 190 or the tolerance (element 1307) asked from the cache retrieval of NCS.In some embodiments, can be used for the applicable classification metadata in response to request and also can retrieve (element 1310) from taxonomy database 192 or from the metadata cache of NCS.Use the information collected, the response to networking state request can be produced and via routine interface, response is provided to requestor (element 1313).

Resource for network topology uses visualization tool

As described above, networked deployment service can collect multiple tolerance from the various assemblies (such as supplier's network) of distributed system, and uses these tolerance to determine the setting (such as bandwidth restriction) of at least some node.In at least one embodiment, it may be achieved display performance designator or resource can use one or more visualization tools of designator (the color-coded expression of the ratio between the corresponding network traffics speed measured at such as various node places and the respective bandwidth restriction arranged for those nodes or thermal map).According to an embodiment, the sub-component providing these resource thermal maps and/or other type of visual network topology visualization server to be embodied as networked deployment server 180 can be configured to.In other embodiments, this Network Topology Visualization Tool can realize independent of networked deployment server 180, for instance, it is achieved for another centralized service of distributed system, or be embodied as corpus separatum, and alternately or the data collected by NCS180 can be consumed with NCS180.In at least some implementation, the network enabled view generator 152 (shown in Figure 1) of merging can include topology visualization interface as the one in its feature.

In at least some embodiment, centralized topology visualization server (TVS) can be configured to the logically and/or physically relation determining between the various nodes of distributed system.For example, in the embodiment realizing virtual computing service, TVS can determine that the client account various calculated examples of example host set place being assigned to, and the information of accessing to your account can produce the topology that only includes being assigned to those calculated examples of particular clients account or selected client account set.In response to the visualization request from the client correlated with that client account (or account aggregation), the thermal map of the performance indicator of the example illustrating that topology then can be provided.The manager of the service of network-accessible for realizing in one or more data centers, more detailed topology can be produced, it may indicate that the physically or logically network linking between various example, main frame and/or network equipment (such as switch, router and analog), and can use the usual non-management client to service that disabled information produces corresponding thermal map.In each case, use produced thermal map, various types of resource can be provided to use the understandable visual representation of statistics to client or manager.Use statistics then to may be used to (such as) identify possible bottleneck or other type of problem on one's own initiative and take response action.In thermal map, the border that changes between scope and the color of the color of display can be the selectable level measured just being instructed to instruction.For example, in one implementation, given node for network topology can show that redness is to indicate the bandwidth of the recently measured flow rate closely that node to limit, and green may be used to the measured flow of instruction far below restriction, and can be used for middle traffic level from redness to green intermediate color.

According to some embodiments, the multiple source that therefore TVS can be responsible for from distributed system obtains tolerance and collects, obtain the relation information of the various assemblies of distributed system, and based on collected tolerance and relation information determine various types of network topology performance indicator (such as indivedual performance metrics, or tolerance be suitable for the ratio limited).Can realize the customization so that client or manager can ask resource performance designator or the visual program visualization interface filtered, and TVS can represent visualization request is responded by using the suitable subset of data set to synthesize other figure of thermal map and/or performance indicator.In some implementations, one or more other assemblies that can relate to distributed system in these tasks or the interaction of service, as further detailed below.

Figure 14 illustrates the example of the customizable thermal map 1450 produced according to Tong Guo the topology visualization server (TVS) 1410 of at least some embodiment at least Node subsets of distributed system.In the embodiment described, TVS is embodied as the element of networked deployment server 180.In other embodiments, TVS1410 can use independent of NCS or realize at the one or more hardware outside NCS or component software；Such as, in some of such embodiment, centralized Visualization Service can be realized in the non-existent situation of NCS.In the embodiment depicted in fig. 14, TVS1410 can obtain input from some type of Data Source (including account management service 1420, placement service 151, inventory service 1430 and tolerance catcher 125).

Account management service 1420 can to TVS1410 provide about client account (and/or connection user or group's account) information, the various Service Instances of one or more many tenants or single tenant's Service Instance (such as, virtualization calculates service, storage service or database service) are assigned to described client account (and/or the user of connection or group's account).As described previously, place service 151 and can be responsible for identifying the example host starting various Service Instances, and can therefore, it is possible to provide the example that can help to produce network topology to Host map at least some embodiment.Inventory service 1430 can manage the local data base that the record various example host of distributed system, switch, router and miscellaneous equipment assembly are physically located in one or more data center.Tolerance catcher 125 can collect, from the various Service Instances in distributed system, main frame, interconnection device and analog, relevant and/or other resource measurement of networking, also as previously described in the context of Fig. 1.For example, for relevant tolerance of networking, source can include, among others, (a) NIC, b () is arranged on the networking components of the virtualization software storehouse at virtualized host place, the networking components of (c) calculated examples, (d) network tapping device, (e) switch, (f) router, (g) gateway, or (h) load equalizer.It should be noted that, in some embodiments, not all various types of Data Sources shown in Figure 14 be all likely to by TVS1410 use-such as, in some implementations, the service of placement can provide the physical location information about various nodes, therefore perhaps without the interaction with inventory management services in these implementations.

May be in response to visualization request and produce various customizable thermal map by TVS1410 synthesis from the data of these various source collection, such as example thermal map 1450.Thermal map 1450 illustrates network topology 1460, and it includes the CI1440A, 1440B and the 1440C that are assigned in five calculated examples (CI)-used vessel 203A of client account CA1 and CI1440D and the 1440E in used vessel 203B.In various embodiments, TVS1410 the topology produced may span across data center border, used vessel border (in Figure 14) or other tissue or physical boundary in some cases.For each calculated examples 1440 in topology 1460, performance indicator (PI) 1470-of display respective color coding such as, is shown respectively PI1470A, 1470B, 1470C, 1470D and 1470E for CI1440A, 1440B, 1440C, 1440D and 1440E.In various embodiments, PI1470 may indicate that various types of tolerance or the ratio being associated with tolerance, and the type of performance information coded at least some implementation can be customizable.For example, the ratio of the flow rate measured by flow that is incoming and/or that spread out of and the bandwidth restriction being currently configured can be shown.In this example scenario, red PI may indicate that measured flow limits (such as, exceed the 75% of bandwidth restriction) close to bandwidth, and green PI may indicate that ratio is lower than 30%, and yellow PI may indicate that ratio is between 30% and 75%.In some implementations, it is possible to numerical value or the word message (such as, rate value can be shown as percentage ratio) of each node are shown.In various embodiments, many different types of performance indicator can be shown by TVS, including the relevant designator of the network bandwidth, waiting time relevant designator (such as, the recently measured waiting time and the degree of closeness of the upper limit for the request of bag waiting time, or measured average bag transmits the ratio between waiting time and the target upper limit of waiting time), CPU utilize level, memorizer to utilize level etc. relative to utilize level, the storage device of threshold value.In some embodiments, in addition to or in lieu the ratio (such as, the ratio of the threshold value of measured value and a certain definition) of instruction in thermal map, may indicate that absolute value.In at least some implementation, the information that thermal map can be provided based on Visualization Service by client side component (such as web browser or gui tool) shows.Therefore, in these implementations, Visualization Service can be responsible for obtaining tolerance, it is determined that topological sum performance indicator, and provides selected data collection for including in thermal map with certain suitable form to client side component.Client side component then can use data that Visualization Service provides to show thermal map.In at least some embodiment, Visualization Service can include rear end and front end assemblies, and wherein aft-end assembly is responsible for producing the basic data that available thermal map form presents, and front end assemblies is responsible for the actual displayed of thermal map.

According to some embodiments, the user of TVS1410 can adjust the Information Granularity of visualization display.For example, in one implementation, about the performance indicator that networking is relevant, client may indicate that the preference of any one in following granularity: (a) port level granularity is (such as, the information at TCP or udp port level place can be preferred), (b) network interface level granularity, (c) virtual machine-level granularity, (d) host-level granularity, (e) chassis level granularity, (f) data center room level granularity, (g) data center level granularity, (h) used vessel level granularity, or (i) geographic area level granularity.In various embodiments, it is possible to the other type of resource targeted for displayability energy designator or tolerance (such as storing calculation of correlation) select granularity selection.TVS1410 can assemble by the tolerance of requested particle size collection to determine the performance indicator being included within visualization or display.Except customizing the granularity of the relevant information of shown networking, at least one embodiment, can also be for the customization display of various traffic classes.For example, can based on Endpoint IP addresses (such as, flow is to flow between two examples in supplier's network, still the public internet address outside supplier's network is flowed to), based on the client account that the end points of flow is assigned to, or based on producing the targeted application of flow or application type (such as, can ask the flow being correlated with for data base is specific thermal map, and maybe can ask for high-performance calculation is specific thermal map) network traffics of the given node to and from distributed system are classified.In some embodiments, traffic classification (such as traffic classification illustrated in fig. 5) can be used to filter shown information.In at least some implementation, the client of TVS can define it with programming mode and may wish to the traffic classes that display performance designator is targeted.For example, client may specify that a set of the calculated examples of its appointment is as source set, and by another set of example or other end points (such as, certain database example) as destination, and can based on the set definition traffic classes specified.

In one embodiment, visualization request can include time composition-such as, and request can will collect the tolerance time period to produce shown performance indicator for the tolerance instruction of specified type.In some embodiments, client can request dynamic visualize, wherein such as by the change of the value of the given performance indicator in the instruction appointment time period.It is assigned to the mandate ability of visualization request person's (such as, no matter requestor there is management about service access license or non-management accesses license) or role also acts as the implicit expression filter of kind of the information that control can show in various embodiments.In some embodiments, centralized Visualization Service can be used for observing resource measurement or the performance indicator of the service belonging to more than one network-accessible, and visual consumer can indicate that service targeted for display performance designator.For example, the given client account of supplier's network can use both the relational database services by supplier's real-time performance and non-relational database service, and can produce independent thermal map for the networking performance indicator that the corresponding topological sum of two different types of database services is relevant.

The different consumers of topology visualization server can be authorized to the different subsets of collected tolerance, and therefore can be provided visualization by different level of detail in some embodiments.Figure 15 illustrates the example that may be used to produce the different subsets of the tolerance collected by the thermal map of the non-management client of service manager and service according at least some embodiment.As indicated, in the embodiment described, the addressable tolerance of manager 1510 can be can by the super set of the tolerance of non-management client-access.For example, in the supplier's network realizing various virtualization many tenants service (such as virtual computing service and one or more virtualization storage service), about the information (example host such as, being being used, the interconnection device being being used, physical resource placement in various data centers) in order to realize virtualized physical resource because multiple reason is considered secret.Thering is provided such as just can be contrary with in the main target realizing virtualization services in order to details such as the types of the hardware processor of service client and device: client seamlessly utilizes various service features without the ability being concerned about hardware details.But, the manager of virtualization services is likely to it is to be appreciated that about at least some details of the hardware being being used, for instance to provide proper number and the hardware server of type, frame, interconnection device and analog.Therefore, in the embodiment described, compared with offer to non-management client, manager can observe the more detailed thermal map produced by TVS1410.

In some embodiments, the type being exposed to the information of non-management client can include Service Instance level performance indicator, such as measured network traffics be assigned to given client account or the ratio of the bandwidth restriction of the example of client account set associated.In some embodiments, tissue (such as private sector or public sector's entity, or the department in this entity) can be represented and set up client account in the service center of one or more network-accessibles of supplier's network.In some implementations, each client account can comprise some different user accounts or group's account.In at least some embodiment, different client accounts can be associated and be such as combined charging with two the different departments each setting up relative client account to major company.Some in the tolerance collected by TVS only can be visible to a client account (such as, the user/group to defining for the account), the tolerance 1515B that the addressable example of such as client C2 is relevant.Other tolerance can to visible with user/group that the client account of multiple associations correlates, such as that the visible example of client C1 and C2 is relevant tolerance 1515A.

In various embodiments, some metric type possibilities can not be accessed by non-management user.For example, the tolerance 1550 being associated with particular network device (such as switch, router, gateway and analog) is generally likely to be not exposed to non-management person.Similarly, the tolerance collected for example host (being likely to realize the hardware calculation element of the Service Instance of multiple client) also only can be accessed by manager.In the embodiment described, the tolerance (such as, flowing in and out the flow at particular data center) about data center also can be only limitted to management use.

Therefore, can be different for the thermal map type that different consumers kind produces by TVS1410.In the embodiment described, can provide from the tolerance 1515A quite restricted thermal map 1450A obtained to client C1, and client C2 observable source tolerance includes the thermal map 1450B of both 1515A and 1515B.Management user's observable collects the 1510 thermal map 1450C obtained from bigger tolerance.In at least some embodiment, such as can be made about by the decision in order to the subset to the tolerance that given visualization request responds based on the determination authorizing setting, ability or role of requestor at runtime by TVS.

For visual routine interface

In various embodiments, some different types of routine interfaces may be used to receive and respond to visualization request.Figure 16 illustrates the example of the routine interface based on web of the thermal map that may be used to display network topology according at least some embodiment.As indicated, the interface based on web includes Web page 1602, wherein show together with the corresponding set of node 1610A, 1610B and the 1610C of network topology and performance indicator 1620A, 1620B and 1620C.

In the illustrated case, performance indicator 1620 illustrates color-coded entry for multiple resource types of each in node: the network bandwidth (in figure 16 by label " BW " expression), CPU, dish and memorizer (by label " Mem ") represent.Figure 16 illustrates the some controls based on web for revising or customize thermal map.For example, zoom control 1650 can by observer in order to zoom in or out the different piece to topology.Resource selector 1652 may be used to filter out some type of resource from visualization, or increases more resource type.Similar selector also may be used to select the time period (that is, the time period of the collection used) of display, network traffics kind, application type etc. corresponding to the tolerance of performance indicator.In the embodiment described, also allow for observer's appointment and will be used for visual threshold value 1654-such as, observer may indicate that the measured transfer rate of 80% (or higher) that bandwidth limits should pass through red BW performance indicator instruction, value less than 30% should pass through green BW performance indicator instruction, etc..

The instance elements of the visualization request 1720 that Figure 17 explanation receives via routine interface 1770 according to Tong Guo the topology visualization server 1410 of at least some embodiment.In some embodiments, for instance the selection of the one or more controls to being similar to control 1650,1652 or 1654 in response to client or manager 1710, this request can via being similar to the Web page shown in Figure 16.In other embodiments, this request can via different GUI, API Calls or from command-line tool submit to.

As indicated, request 1720 can include destination service node listing 1725, its instruction is included within the service node set in visualization.In some embodiments, the default setting of service node set can be used by TVS1410 when the instruction of specific node set is not and is provided by requestor's (such as by giving tacit consent to), may select all calculated examples being assigned to client account for visualization, all example host that maybe can manager be sent in the data center of request are considered as candidate to include in visualization.Node set can explicitly indicate (such as in some embodiments, by providing the list of node identifier such as calculated examples identifier), or indicate (such as, client may indicate that and specifies the calculated examples in used vessel should include in set) by indicating the filter criteria that may be used to search node to carry out.Element 1728 instruction also can be used in topology visualization is asked to be included within the kind of the network traffics in visualization and/or resource.As previously mentioned, in some embodiments, traffic classes can be defined by client.In other embodiments, being alternative in or except the kind of client definition, client or manager 1710 can select from multiple predefined traffic classes.In some embodiments, different resource kind be also selectable-such as, if the thermal map only illustrating calculated examples should be provided, or whether should include memory node etc..

In some embodiments, also in request 1720, instruction granularity 1731-can be visualized such as, if need host-level to observe (about network traffics), if to need instance-level to observe, etc..The time range by being used for producing the visual tolerance from various source collection can be indicated via element 1734.In some implementations, client can request dynamic visualization-such as, the change of the value of performance indicator in section seclected time can be shown according to the client preference that indicate via element 1737.It should be noted that at least in some embodiments, about request 1720 element can choice set close between users can different-such as, compared with the non-management user of visualization function, manager can specify wider preference scope.In at least one embodiment, can pass through TVS1410 to manager provide with the set of the different routine interface 1770 provided to non-management user (such as, to have manage voucher user can API set than to other user can more extensive).In response to request 1720, in the embodiment described, TVS1410 can retrieve suitable data set and provide correspondence display with the form of thermal map 1450.

Network topology method for visualizing

Figure 18 illustrates the operating aspect of the topology visualization of the performance indicator being performed the various nodes including distributed system with generation according at least some embodiment.As shown in element 1801, some tolerance can be collected by the example host of the TVS1410 Service Instance of service of various network-accessibles, interconnection device (such as router, switch, gateway and analog) and the distributed system such as realized supplier's network from multiple Data Source or other type of hardware or component software.Collected tolerance can include tolerance (the such as inbound or outbound traffic speed such as networking relevant, current applicable bandwidth limits, measured and target latency time, network error number, bag size distribution or number of dropped packets), (such as total CPU utilizes the tolerance that processor is relevant, targets threshold CPU utilizes level, kernel and user utilize segmentation, active process/Thread Count), the tolerance that memorizer is correlated with is (such as, the amount of available free storage, paging rate etc.) (dish or other storage device utilize the tolerance relevant with storage, the average response waiting time, queue length etc.).In one embodiment, tolerance or the performance objective (such as, waiting time target) of restriction about current application (such as, bandwidth restriction) can be obtained from NCS180.In some embodiments, it is possible to collected some or all in tolerance for other purpose, for instance, to be determined the bandwidth distribution in various resource by NCS180, and TVS can from other assembly of NCS or obtain tolerance from measurement database 190.In one embodiment, will can be measured incidentally in other type of message by various Data Sources, all heartbeat message sent according to health monitoring agreement as previously described.

TVS1410 also such as can obtain the client account information (element 1804 of Figure 18) for the various services just realized in a distributed system from the account management service 1420 of supplier's network or from identity management services.Accounts information can include the relation between different clients account (such as, some client accounts can associate for merging charging) and between client account and user account or group's account with other client account, etc..In at least some implementation, TVS can obtain the mapping between service node or example and client account, for instance instruction represents the information that client account starts the described client account of given calculated examples.In at least some embodiment, it is possible to obtain the network link between different nodes and the various network equipment (such as switch and router) of physical layout information (layout of the example host in the different frames of such as data center and room), distributed system or path (element 1807).Such as can manage instrument from inventory service or other data center and obtain physical layout information.

Can determine that one or more network topologies of interdependent node or resource (element 1810), for instance, accounts information and physical layout information are synthesized together.Depend on the size of distributed system and its user library, in some embodiments, produce and/or store comprehensive network topology to be likely to need a large amount of calculating, memorizer and/or storage resource.Therefore, some different network topologies can be produced in some embodiments, for instance each data center one or one, each geographic area.Collected tolerance can be used to create the data set (element 1813) of the performance indicator corresponding to one or more topologys.Can determine that or obtain topology various nodes some performance indicator in any one, the ratio of the flow rate such as measured during nearest interval and the bandwidth the applied restriction applied in this interim, the ratio of the peak value waiting time observed during interval and target maximum waiting time, utilize relative to the CPU measured by target maximum or minimum level, etc..

The visualization request (element 1816) of subset at least performance indicator can be received.Can determine that the mandate of requestor is arranged, and can obtain corresponding to request and the suitable subset (element 1819) authorizing the performance indicator data set arranged.The visualization (element 1822) of the form Show Color coding of available either statically or dynamically thermal map.Client side component (such as, browser, browser plug-in or GUI) may be used to show thermal map based on by the rear end TVS1410 data provided.In some embodiments, it is possible to use TVS1410 to provide other type of visualization, the rectangular histogram of such as performance indicator, pie graph and analog upon request.It should be noted that in some embodiments, topology can be produced (such as after receiving visualization request and based on requested certain types of performance indicator) on demand.

The resource of client request uses restriction to reduce

In some distributed systems, client is necessary for the amount of money that various service pays and can be depending on and represent the network traffics that client produces at Service Instance place.In some cases, service the upper limit of the transmissible data volume of each Service Instance of definable (or data transfer rate), and the expense proportional to flow can be applied below these upper limits.Therefore client can have the power temporarily, at least reducing its Web vector graphic in these environment, in order to meet budget.For some type of service, client can be used by some different normalized service example types, and wherein different networking restrictions and/or speed can be applicable to each example types.Figure 19 illustrates the example of the calculated examples type set of the service of the be implemented for network-accessible according at least some embodiment, and wherein different instances type has respective bandwidth restriction and respective bandwidth use pricing strategy set.The table of the setting that the network with the calculated examples Class1 902 (" little ", " medium ", " greatly " and " super large " calculated examples) four kinds different by virtual computing service definition is relevant is shown.Except the difference of the price relevant with bandwidth except networked capabilities, example types can be different in various properties, the such as restriction of computing capability, storage size, memory size or always fix a price.

In the embodiment described, independent bandwidth restriction can be defined for the outbound traffic (row 1904) of each in two different traffic classes (being respectively labeled as kind " A " and " B ") and Inbound traffic (row 1908).Whether kind can about such as involved end points in supplier's network, or whether flow is directed to public the Internet and different from each other.Except the bandwidth of different instances type limits, Figure 19 also illustrates that departures and inbound bandwidth price (being row 1906 and 1910 respectively), and it is specified individually also for each in two kinds of traffic classes.It should be noted that it practice, some prices not can be provided that in some embodiments person network operator be set to zero-such as, in same data center, flow between the different calculated examples of instantiation can be " free " just.The possible client-access that information illustrated in fig. 19 can be serviced by virtual computing, and can by client determining when obtaining the example quantity of each type (together with other factors, the calculated performance of the application of such as client requires to use unrelated pricing strategy etc. with bandwidth) taken into consideration.Some clients can use the information category provided in such as Figure 19 to reserve the budget for relevant cost of networking.Depend on the needs of client application, situation there may come a time when it is give the maximum that client at least needs the bandwidth utilized to support during some time periods much smaller than example type, and it is thus possible to by asking applying lower limit more effectively to manage cost.For example, have in the environment of many individual users of the service being authorized to given network-accessible in given establishment, compared with its respective bandwidth uses with asking individual user spontaneously to control simply, application lower bandwidth restriction is probably the more reliable mode reducing the relevant cost of networking.

In at least some embodiment, may be used to similar centralized networked deployment service illustrated in fig. 1 realize the bandwidth restriction of client's request and/or the use minimizing restriction of other type of resource.In various embodiments, may be in response to client request and apply any one in the restriction that some type of networking is relevant, such as, a average discharge transfer rate that () will not be exceeded within certain time period, b () is even at the peak flow transfer rate will not being exceeded in short time period, the upper limit of the sum of c data byte that () transmits, or the upper limit of the number of internet message that (d) transmits.In some embodiments, the time period of average for application restriction and/or peak value restriction also can be indicated by client.Figure 20 illustrates that the resource that can be received by networked deployment server 180 according at least some embodiment uses restriction to reduce the instance elements of request 2020.In some embodiments, as mentioned above, given can have user accounts more associated there by charging customer account, and different resources uses restriction to can be applicable to different user accounts.As indicated, ask 2020 can include requested the reducing the element 2023 of the one or more user accounts applied of instruction via what routine interface 2070 was submitted to.In some embodiments, may further indicate that group's account.In one embodiment, the client 2010 with other resource of some different calculated examples or distribution can wish to use restriction to be applied to certain subset of those resources relatively low-resource.Can via restriction reduce another element 2026 of request 2020 indicate specific node or for the identifier of resource.In some implementations, the resource of the combination that can pass through certain set of client request Service Instance uses restriction.For example, client can ask to limit the bandwidth of XGB/ second to be jointly applied to example I1, I2 and I3, and if during special time period the bandwidth of example use summation more than the XGB/ second, then can be considered and meet restriction.

In some embodiments, corresponding use restriction can be applicable to different network traffics kinds.As described above, in some embodiments, the service of network-accessible can such as based on the scope of the network address of end points, and the geographical position etc. based on end points defines various network traffics kinds.In some embodiments, for example, corresponding restriction can be applicable to the flow that (a) flows on one or more public the Internet links, b flow that () is flowed in supplier's network data center, c () be the flow of flowing between by two supplier's network data center in the given geographic area of supplier's net definitions, the flow of flowing between (d) two supplier's network data center in the geographic area that two by supplier's net definitions are different, or the flow that (e) flows between particular service instance from the node of the different services realized at supplier's network place.In the embodiment shown in Figure 20, target can be indicated to be use the one or more traffic classes reduced via element 2029.

About to network flow quantitative limitation, flow direction (restriction of minimizing is applied to Inbound traffic, outbound traffic or both has) being indicated via element 2032.Can via element 2035 indicate by the time range of new for application restriction (such as, the time started, the end time or both).In the embodiment described, requested limits value (or current restriction reduces degree extremely) can be indicated via element 2038.For example, being alternative in the absolute value specifying new restriction, element 2038 may indicate that current bandwidth restriction should reduce 25%.In some implementations, when instruction newly limits, client can also indicate that the aspect-such as of the measuring method used, if the change of request average bandwidth restriction, so may specify the time period by calculating meansigma methods, if and request lower peak value bandwidth, then may specify by quantify peak bandwidth time period.In at least some embodiment, except specifying the restriction reduced, client 2010 also can define the one or more threshold values relative to restriction via element 2041, will take corresponding action by network configuration server 180 at described threshold value place.For example, client 2010 may want to 80% that when the measured flow rate of notified into or out calculated examples exceedes the bandwidth restriction of client request.In some implementations, request may be included in the instruction that notice provides when reaching threshold value one or more destinatioies (such as, email account) extremely.In some implementations, may indicate that some different threshold values and the corresponding action that will take, for instance, notice can be produced at 80% place of bandwidth restriction, and can start to abandon or give up bag by allowing service at 100% place.In some embodiments, other response action can be taked on one's own initiative under the clearly request of client or by servicing, such as temporarily make some bags queue up rather than transmission bag, or temporarily loosen/increase restriction.

Can provide, to the client of request, the confirmation 2050 changed in response to receiving request 2020, NCS180, and initial suitable configuration change is to apply requested restriction.For example, will being applied in the situation of the calculated examples of example host place realization in the bandwidth restriction reduced, NCS180 can newly limit the assembly transmitting the virtual management software stack being similar to storehouse 310 illustrated in fig. 3 to example host place.In some embodiments, NCS180 may wait for until having been filed on configuration change before sending confirmation 2050.

In some embodiments, restriction can be used to reduce for the example request resource of any one in the service (such as virtual computing service, various types of storage service, database service and analog) of multiple network-accessibles.In some embodiments, being alternative in the resource that directly instruction reduces and use limits value, client may indicate that satisfied resource budget restriction during the time period of certain instruction.As response, networked deployment service can be monitored the resource of the Service Instance of client and used and determine the charging cost (such as, being communicated by the accounting management assembly with involved service) of correspondence.If reaching the threshold value (or budget limit itself) close to budget limit, then client can be notified and/or one or more response action can be taked.Therefore, at least some embodiment, resource budget restriction can with resource use restricted like process (or be converted into resource use restriction).It should be noted that at least in some embodiments, support that the resource of client request uses the configuration service device that restriction reduces to be performed without at least some in the function described previously with respect to the NCS180 of Fig. 1.For example, the programme diagram similar with Fig. 7 or the classification tree similar with Fig. 5 are produced in response to using the configuration service device reducing request 2020 to be not necessarily required to.

As indicated previously, in at least some embodiment, given Accounting Client account (account such as, the tissue or entity that use the service of one or more network-accessibles of supplier's network set up for its office worker) can have different user accounts more associated there or group's account.In these embodiments, different resources can be set for different user or group and use restriction.Figure 21 illustrates that the total resources of the client account 2104A of the service of the network-accessible according at least some embodiment use restriction to arrange the foundation of 2110 and the related resource of groups of users, individual user and interlock account uses the example limiting the foundation arranged.As indicated, client account 2104A definable has group's account 2120 of one or more connection, such as groups of users 2120A and 2120B.Each group can include again multiple user account 2123, user account 2123K and the 2123L of such as group 2120B.Some user accounts (such as 2123A, 2123B and 2123C) are likely to be not belonging to any groups of users.

In the embodiment described, it may be determined that use restriction 2110 (such as bandwidth restriction) with the total resources of all accounts (such as various groups account 2120 and user account 2123) of client account 2104A connection.One or more extra client end account (such as account 2104B) can associate with client account 2104A, for instance for merging charging or for other purposes.In an example scenario, it is possible to used supplier's Internet resources to set up client account 2104A for the tissue O1 realizing application-specific, and it is likely to have been for set up client account 2104B with the different tissues O2 of O1 partner or the application that utilizes O1 to realize.Depending on setting up the preference of the targeted entity of two client accounts, total resources use restriction 2110 to also apply be applicable to the user accounts of association.In at least some embodiment, such as according to using restriction summation strategy 2190, in preset time section, resource measured by the account of all users, group and association is applied to the total resources of female client account 2104A and uses restriction during using and may not exceed this period.

In some embodiments, restriction can be used for the resource that the request of different user, group or interlock account is different.For example, group 2120A and 2120B can have a corresponding restriction 2150A and 2150B of appointment, and user 2123A, 2123B, 2123K and 2123L can have an appointment limits 2160A, 2160B, 2160K and 2160L accordingly.Some users (such as, 2123C) and/or group are likely not to have the restriction of definition their own, and its female group restriction and/or client account restriction can be applied in this case.The resource of interlock account 2104B definable their own uses restriction 2170, this user that also apply be applicable to definition in interlock account and/or group.Using restriction about resource illustrated in fig. 21, client account 2104A can regard " mother " entity as, and group, user and interlock account can regard " offspring " entity as.In at least some embodiment, such as can ask to use the minimizing of restriction by the resource of any one application in the different grain size indicated in Figure 21 or rank via the request similar with the request 2020 of Figure 20.If requested minimizing will be applied to female entity (such as client account 2104A), then instruction can reduce the impact mode to the restriction that offspring's entity applies in using restriction summation strategy 2190.For example, in one embodiment, if asking the bandwidth of generally 10% to reduce for client account, then the bandwidth restriction being applied to come from each user of client account or group also can be reduced 10% according to a selected strategy 2190.According to another strategy 2190, as long as (a) any given offspring restriction limits less than mother, and the summation that the real resource that (b) all descendent node are in preset time section uses limits less than mother, then offspring's restriction is likely to not change, unless asked this to change clearly.

The resource supporting client request uses the method that restriction reduces

Figure 22 illustrates that the resource being performed to enable the client to reduce one or more nodes of the service to network-accessible according at least some embodiment uses the operating aspect of restriction.As shown in element 2201, it may be achieved one or more routine interfaces so that network-accessible service (such as supplier's network place realize many tenants virtual computing service) client can for resource use restriction be applied to one or more Service Instances request resource use restriction minimizing.Routine interface can include such as Web page or web station, one or more API, GUI or command-line tool.

Such as can receive restriction at networked deployment server place via the one in routine interface and reduce request (element 2204).Restriction reduces request and can include about the various components by the new restriction of application, certain combination of the composition of all requests 2020 as shown in Figure 20.Particular clients account, traffic classes, Service Instance and/or time period that the restriction of minimizing will be applied to can be indicated in the request.Such as restriction can be applied in the situation of calculated examples carry out suitable configuration change according to request, can about the new limitation notification virtualization software assembly at affected example host place.Resource can be obtained from destination service example in time and use tolerance (element 2207).The detection having reached threshold value (wherein threshold value can define) according to the restriction of new opplication is used in response to measured resource, notice can be produced (such as, to the requestor of the restriction reduced, or the one or more specified notification targets to requestor's instruction) (element 2210).In some embodiments, the detection that may be in response to reach threshold value takes other to take action, for instance, if resource uses restriction to be applied to bandwidth, then discardable one or more bags or make it queue up, or can temporarily loosen restriction in some cases.This use restriction loosen can be attended by some cases alert message (such as, can although warning client temporarily to loosen restriction, but exceed restriction constantly or repeatedly or threshold value may result in loss of data).In at least some embodiment, the response action asking to use the client limiting minimizing to indicate these threshold values one or more and/or correspondence can be passed through.

Figure 23 illustrates that the resource being performed to enable the client to submit the node place with distributed system to according at least some embodiment uses the operating aspect limiting the inquiry being associated.As shown in element 2301, it may be achieved one or more routine interfaces are for various types of inquiries.Some clients can such as be desired to determine the current state or the tolerance that use relative to the resource of current applicable restriction.In another situation, client may want to obtain the tendency information being used in the change in time of one or more specified services example place about resource so that such as client uses restriction it can be anticipated that when need to change resource.In another situation, networked deployment server can be passed through and support about the inquiry based on budget-such as that resource uses, client may indicate that the target budget restriction of the networking about some Service Instances, and asks can help to the cost of client is maintained at the suggestion that the bandwidth restriction under budget changes.Inquiry (element 2304) can be received from client via the one in routine interface.Depend on the type of inquiry, difference action can be taked based on the tolerance that the Service Instance being applied to from inquiry is collected.

If inquiry is the current state (element 2310) used about resource, then the response (element 2351) of difference between the recently measured and applicable restriction in Service Instance place that indexed resource uses can be provided.If the trend of reception inquiry (element 2313), then the response (element 2354) of the change that indexed resource is used in the seclected time of interval can be provided.If receiving the suggestion based on budget to inquire about (element 2316), so networked deployment server can perform one or more use thing enable a client to realize budget target to be calculated necessary to restriction minimizing for determining, and provides result of calculation (element 2357) in inquiry response.In some embodiments, other type of inquiry can be supported.

It should be noted that, in various embodiments, except Figure 10, Figure 11, Figure 12, Figure 13, Figure 18, Figure 22 and Figure 23 flow chart in operation except the operation that illustrates may be used to realize the described functional various aspects of networked deployment, and some in shown operation are likely to not realize, or can different order realize, or in parallel rather than sequentially realizing.For example, for example it may be that, in some embodiments, it may be achieved multithreading NCS, some streams that can be performed in parallel operation illustrated in fig. 10 in this case produce and transmit the corresponding classification metadata set for respective objects node.

Behaviour in service

The technology of the above-described shaping network flow setting up the incompatible many node places to distributed system of centralized networked deployment server set provides the resource visualization capability based on thermal map, and realize the minimizing that resource uses the client request of restriction, can be used for many situations.For example, it is provided that hundreds of thousands example host that person's network can include being distributed in some data centers and a large amount of network equipment, wherein the amount being based on the network traffics flowing in and out example host at least partially of the income of supplier's network and obtain.In so big environment, use local module to make network management at each example host or network equipment place and determine to may result in many problems.First, its possibility can not obtain all inputs that the network management decision making wisdom is necessary at given example host place.Second, the complexity of the decision logic needed for example host place can need a large amount of computing capabilitys of example host, the computing capability that this Service Instance that can be reduced to client request stays.When network management logic needs to be changed, it is likely to must travel to and be applied to all example host, and this itself can be resource-intensive and be prone to the implementation made a mistake.

By contrast, by isolating the decision logic of the traffic shaping being used for a small amount of networked deployment server, the input of arrogant source set can be collected, thus causing wiser decision.The dedicated computing resource need not shared with other service can be used to realize networked deployment server, thus avoiding contention computing capability.Compared with must updating hundreds of or several thousand example host, can more easily apply the renewal to networked deployment logic.Centralized networked deployment service can be readily able to provide this by the unified view (including configurable thermal map) of the networking state being difficult to obtain to client.The resource reducing specified services example, user account or group's account with programming mode uses the client that the ability of restriction controls budget for hope to be helpful to.

In view of following clause, the embodiment of the disclosure can be described:

1. a system, comprising:

Multiple calculation elements, it is configured to:

Realize one or more routine interface, enabling a client to ask to apply to limit low resource than the existing resource use carried out when described request during at least interval at one or more Service Instance places of the addressable service of many tenant network of supplier's network and use restriction, wherein said relatively low-resource uses and limits and will be applied at least one network traffics kind by the pricing strategy depending on resource use；

Receiving client request via the special interface of the one or more routine interface, the specific relatively low-resource that the network traffics at particular service instance place are applied is used and limits by the request instruction of described client；

The resource obtaining the one or more network traffics kinds corresponding to described particular service instance place uses tolerance；And

In response to determining that the resource being associated with the network traffics at described particular service instance place uses the threshold level having reached to use restriction to determine based in part on described specific relatively low-resource, one or more response action of the initial generation including notice.

2. the system as described in clause 1, wherein said specific relatively low-resource use restriction include following in the instruction of one: the average discharge transfer rate that (a) will not be exceeded, b peak flow transfer rate that () will not be exceeded, the upper limit of the byte number of c data that () transmits, or the upper limit of the number of internet message that (d) transmits.

3. the system as described in clause 1, the request of wherein said client indicates described specific relatively low-resource to use the particular network traffic kind that restriction will be applied to, wherein said particular types be chosen from including following in one or more with described service associated plurality of network traffics kind: the flow that (a) flows on one or more public the Internet links, b flow that () is flowed in supplier's network data center, c flow that () is flowed between two supplier's network data center, d flow that () is flowed between described particular service instance from the node of the different services realized at described supplier's network place.

4. the system as described in clause 1, the described one or more network traffics flow directions using restriction to be applied to compared with low-resource of wherein said client request instruction, the one including in following: (a) flows to the flow of one or more destination from described particular service instance；B () flows to the flow of described particular service instance from one or more sources.

5. the system as described in clause 1, the request instruction of wherein said client represents the particular user account in multiple user accounts that client is set up in the described addressable service center of many tenant network, wherein said relatively low-resource uses restriction will be applied to described particular user account, and wherein different resources uses restriction to be applied to the different user account of the plurality of user account.

6. a method, comprising:

Performed by multiple calculation elements:

Realize routine interface, enabling a client to ask the one or more Service Instance places in the service of network-accessible to apply to use restriction than the resource that the existing resource carried out when described request uses restriction low, wherein said relatively low-resource uses restriction will be applied at least one the network traffics kind being associated with described service；

Receiving client request via the special interface of one or more routine interfaces, the specific relatively low-resource that the network traffics at particular service instance place are applied is used and limits by the request instruction of described client；

In response to determining that the resource being associated with the network traffics at described particular service instance place uses the threshold level having reached to use restriction to determine based in part on described specific relatively low-resource, initial one or more response action.

7. the method as described in clause 6, wherein said specific relatively low-resource use restriction include following in the instruction of one: the average discharge transfer rate that (a) will not be exceeded, b outburst flow transfer rate that () will not be exceeded, the upper limit of the byte number of c data that () transmits, or the upper limit of the number of internet message that (d) transmits.

8. the method as described in clause 6, the request of wherein said client indicates described specific relatively low-resource to use the particular network traffic kind that restriction will be applied to, wherein said particular types be chosen from including following in one or more with described service associated plurality of network traffics kind: the flow that (a) flows on one or more public the Internet links, b flow that () is flowed in supplier's network data center, c flow that () is flowed between two supplier's network data center, d flow that () is flowed between the node and the node of the different services realized at supplier's network place of described service.

9. the method as described in clause 6, the described one or more network traffics flow directions using restriction to be applied to compared with low-resource of wherein said client request instruction, the one including in following: (a) flows to the flow of one or more destinatioies end points from described particular service instance；B () flows to the flow of described particular service instance from one or more sources.

10. the method as described in clause 6, the request instruction of wherein said client represents the particular user account in multiple user accounts that client is set up in the described addressable service center of many tenant network, wherein said relatively low-resource uses restriction will be applied to described particular user account, and wherein different resources uses restriction to be applied to the different user account of the plurality of user account.

11. the method as described in clause 6, wherein said one or more response action include following in one: (a) gives up one or more bag, b () makes one or more bag queue up, or (c) makes the described resource that the network traffics at described particular service instance place are applied is used restriction increase at special time period.

12. the method as described in clause 6, it also includes being performed by the one or more calculation element:

Realize different routine interfaces so that client can determine the network traffics with described particular service instance place be associated measured by resource use；And

In response to the request received via described different routine interface, it is provided that the instruction that described measured resource uses.

13. the method as described in clause 6, the request of wherein said client includes to apply the instruction that described specific relatively low-resource uses the time period of restriction.

14. the method as described in clause 6, the request of wherein said client include following in the instruction of one: (a) described threshold level, or the specific response action of (b) the one or more response action.

15. the method as described in clause 6, wherein using the example host of supplier's network to realize the service of described network-accessible, described method also includes being performed by the one or more calculation element:

The corresponding multiple clients request using restriction compared with low-resource to specified services example place is received at the particular server place that the centralized networked deployment of described supplier's network services；And

Use the instruction of restriction from the transmission of described particular server to the corresponding control module of the respective instance main frame instantiation at described specified services example described corresponding relatively low-resource.

16. the addressable storage medium of non-transitory computer, its storage performs the programmed instruction of following operation when performing on the one or more processors:

Receiving client request via routine interface, the specific relatively low-resource that at least one network traffics kind at the particular instance place of the service to network-accessible applies is used restriction by the request instruction of described client；

The resource obtaining the one or more network traffics kinds corresponding to described particular instance place uses tolerance；And

The resource use being associated in response to the network traffics determined with described particular instance place has reached threshold level, initial one or more response action.

17. the addressable storage medium of non-transitory computer as described in clause 16, when wherein said instruction performs on the one or more processors:

Receiving different client requests, the resource of the combination that the network traffics at the first and second example places of the service to described network-accessible are applied by described different client request instruction jointly uses restriction；And

The summation that the described resource being associated in response to the network traffics determined with described first and second example places uses has reached threshold level, initial one or more response action.

18. the addressable storage medium of non-transitory computer as described in clause 16, the service of wherein said network-accessible include following in one: the service of (a) virtual computing, (b) storage service, or (c) database service.

19. the addressable storage medium of non-transitory computer as described in clause 16, when wherein said instruction performs on the one or more processors:

Receiving different client requests, described different client request indicates the client budget upper limit of the networked resources at the different instances place of the service of described network-accessible；And

The client charging cost being associated in response to the networked resources determined with described different instances place exceedes threshold value, initial one or more response action.

20. the addressable storage medium of non-transitory computer as described in clause 16, wherein said specific relatively low-resource use restriction include following in the instruction of one: the average discharge transfer rate that (a) will not be exceeded, b outburst flow transfer rate that () will not be exceeded, the upper limit of the byte number of c data that () transmits, or the upper limit of the number of internet message that (d) transmits.

21. a system, comprising:

One or more calculation elements, it is configured to:

Tolerance is obtained, including the network traffics tolerance collected from the node set realizing multiple client accounts at least one the addressable service of many tenant network addressable to supplier's network from multiple sources；

Determine network topology, relation between the relative client account that the primary nodal point of its instruction at least (a) described node set and secondary nodal point are assigned to, and the one or more network links between (b) described primary nodal point and described secondary nodal point；

Produce the expression of multiple networking performance indicator of described network topology, including the performance indicator of networking accordingly of described primary nodal point and described secondary nodal point；And

There is provided the described corresponding networking performance indicator of described primary nodal point and described secondary nodal point for including in the customizable resource thermal map shown in response to the request received via routine interface.

22. the system as described in clause 21, the described networking performance indicator of wherein said primary nodal point includes the measured network traffics speed at described primary nodal point place and the instruction of the ratio by being arranged between the bandwidth restriction that the networked deployment server of the described addressable service of many tenant network is determined for described primary nodal point.

23. the system as described in clause 21, wherein said request includes the instruction of traffic filtering criterion, determine the described networking performance indicator of described primary nodal point for the particular types of multiple network traffics kinds at described primary nodal point place according to described criterion, the described particular types of wherein said multiple kind is different from another kind at least one aspect in the following: (a) end-point addresses, b client account that () is associated with end-point addresses, or the described application of (c) representative application described network traffics of generation.

24. the system as described in clause 21, wherein said one or more calculation elements are also configured to:

Receive the instruction of the selected granularity of one or more tolerance of display in described customizable resource thermal map, described granularity include following in one: (a) port level granularity, (b) network interface level granularity, (c) virtual machine-level granularity, (d) host-level granularity, (e) chassis level granularity, (f) data center room level granularity, (g) data center level granularity, (h) used vessel level granularity, or (i) geographic area level granularity；And

It is at least partially based on described selected granularity and assembles the one or more collected tolerance for including in described customizable thermal map.

25. the system as described in clause 21, wherein in response to the described request received via described routine interface, the one or more calculation element is also configured to:

The mandate of the submitter obtaining described request is arranged；

It is at least partially based on described mandate to arrange and select the subset of the resource measurement collected by representing with described customizable resource thermal map.

26. a method, comprising:

Performed by one or more calculation elements:

Tolerance is obtained, including the network traffics tolerance of the node set collection of the service realizing network-accessible from the one or more client accounts representing described supplier's network from multiple sources of supplier's network；

Producing network topology, it represents the one or more relations between primary nodal point and the secondary nodal point of described node set；And

Thering is provided the corresponding networking performance indicator of described primary nodal point and described secondary nodal point for including corresponding in the resource thermal map of described network topology, wherein said corresponding networking performance indicator is to obtain from a part for described tolerance at least partly.

27. the method as described in clause 26, the described networking performance indicator of wherein said primary nodal point includes the instruction of the ratio between the measured network traffics speed at described primary nodal point place and the bandwidth restriction arranged for described primary nodal point.

28. the method as described in clause 26, wherein said resource thermal map include following in one: the processor performance designator of (a) described primary nodal point, or the memory property designator of (b) described primary nodal point, or the memory performance designator of (c) described primary nodal point.

29. the method as described in clause 26, the described networking performance indicator of wherein said primary nodal point includes the instruction of the ratio between measured network latency and the upper limit of the network latency of the flow for being associated with described primary nodal point place.

30. the method as described in clause 26, wherein produce described resource thermal map in response to request, wherein said request includes the instruction of traffic filtering criterion, determine the described networking performance indicator of described primary nodal point for the particular types of multiple network traffics kinds at described primary nodal point place according to described criterion, the described particular types of wherein said multiple kind is different from another kind at least one aspect in the following: (a) end-point addresses, b client account that () is associated with end-point addresses, or (c) represents application and produces the described application of described network traffics.

31. the method as described in clause 30, it also includes being performed by the one or more calculation element:

Realize different routine interfaces so that client can define one or more network traffics kind；And

Described particular kind of definition is received via described different routine interface.

32. the method as described in clause 26, it also includes being performed by the one or more calculation element:

Receive the instruction of the selected granularity of one or more tolerance shown via described resource thermal map, described granularity include following in one: (a) port level granularity, (b) network interface level granularity, (c) virtual machine-level granularity, (d) host-level granularity, (e) chassis level granularity, (f) data center room level granularity, (g) data center level granularity, (h) used vessel level granularity, or (i) geographic area level granularity；And

It is at least partially based on described selected granularity and assembles the one or more tolerance for including in described resource thermal map.

33. the method as described in clause 26, it also includes being performed by the one or more calculation element:

Receive the instruction of the selected collection time period of one or more tolerance shown via described resource thermal map；And

It is at least partially based on described selected collection time period and assembles the one or more tolerance for including in described resource thermal map.

34. the method as described in clause 26, wherein said multiple source include following in one or more: (a) NIC, b () is arranged on the networking components of the virtualization software storehouse at virtualized host place, c () virtualization calculates the networking components of the calculated examples of service, (d) network tapping device, (e) switch, (f) router, (g) gateway, or (h) load equalizer.

35. the method as described in clause 26, the service of wherein said network-accessible include following in one: the service of (a) virtual computing, (b) stores service or (c) database service.

36. the addressable storage medium of non-transitory computer, its storage performs the programmed instruction of following operation when performing on the one or more processors:

Obtain tolerance from multiple sources, including from represent multiple client account realize at least one network-accessible service node set collect network traffics tolerance；

Produce network topology, at least one during its expression is following: the relation between the relative client account that the primary nodal point of (a) described node set and secondary nodal point are assigned to, or the one or more network links between (b) described primary nodal point and described secondary nodal point；And

Thering is provided the corresponding networking performance indicator of described primary nodal point and described secondary nodal point for including corresponding in the resource thermal map of described network topology, wherein said respective performances designator is to obtain from a part for described tolerance at least partly.

37. the addressable storage medium of non-transitory computer as described in clause 16, the described networking performance indicator of wherein said primary nodal point includes the instruction of the ratio between the measured network traffics speed at described primary nodal point place and the bandwidth restriction arranged for described primary nodal point.

38. the addressable storage medium of non-transitory computer as described in clause 36, when wherein said instruction performs on the one or more processors:

Receive the instruction of traffic filtering criterion, determine the described networking performance indicator of described primary nodal point for the particular types of multiple network traffics kinds at described primary nodal point place according to described criterion, the described particular types of wherein said multiple kind is different from another kind at least one aspect in the following: (a) end-point addresses, b client account that () is associated with end-point addresses, or the described application of (c) representative application described network traffics of generation.

39. the addressable storage medium of non-transitory computer as described in clause 36, when wherein said instruction performs on the one or more processors:

40. the addressable storage medium of non-transitory computer as described in clause 36, when wherein said instruction performs on the one or more processors:

Realize routine interface so that the client of the service of described network-accessible can ask the subset of at least described tolerance；

Metric request is received from particular clients via described routine interface；And

In response to determining that described particular clients is granted access in described metric request one or more tolerance of instruction, the one or more is provided to measure to described particular clients.

Illustrative computer system

In at least some embodiment, the one or more some or all of server realized in technology described herein can include general-purpose computing system, it includes or is configured to access the addressable medium of one or more computer, and technology described herein includes the technology realizing networked deployment server, networked deployment service managerZ-HU, topology visualization server and/or example host.Figure 24 illustrates this general-purpose calculating appts 3000.In illustrated embodiment, calculation element 3000 includes the one or more processors 3010 coupleding to system storage 3020 via input/output (I/O) interface 3030.Calculation element 3000 farther includes to coupled to the network interface 3040 of I/O interface 3030.

In various embodiments, calculation element 3000 can be the single processor system including a processor 3010, or includes the multicomputer system of several processor 3010 (such as, two, four, eight or another suitable number).Processor 3010 can be able to perform any suitable processor of instruction.For example, in various embodiments, processor 3010 can be general or flush bonding processor, and it realizes any one in multiple instruction set architecture (ISA), such as x86, PowerPC, SPARC or MIPSISA or other suitable ISA any.In a multi-processor system, each in processor 3010 can be generally but not to realize identical ISA.In some implementations, alternative in or additional conventional processors and use Graphics Processing Unit (GPU).

System storage 3020 can be configured to the instruction and data that storage can be accessed by processor 3010.In various embodiments, system storage 3020 can use any suitable memory technology to realize, such as static RAM (SRAM), synchronous dynamic ram (SDRAM), non-volatile/flash type memory or any other type of memorizer.In illustrated embodiment, it is achieved the programmed instruction of one or more required functions and data (such as those described above method, technology and data) illustrate and are stored in system storage 3020 as code 3025 and data 3026.

In one embodiment, I/O interface 3030 can be configured to the I/O flow between coprocessor 3010, system storage 3020 and any peripheral unit (including network interface 3040 or other peripheral interface, such as in order to store the various types of permanent and/or volatile storage of the physical copy product of data object subregion) in device.In some embodiments, I/O interface 3030 can perform the agreement of any necessity, sequential or the conversion of other data with will from an assembly (such as, system storage 3020) data signal be converted to the form that applicable another assembly (such as, processor 3010) uses.In some embodiments, I/O interface 3030 can include the support to the device being attached by various types of peripheral buses, all variants such as (e.g.) periphery component interconnection (PCI) bus standard or USB (universal serial bus) (USB) standard of peripheral bus.In some embodiments, the function of I/O interface 3030 can be split into two or more independent assembly, all such as (e.g.) north bridge with south bridge.And, in some embodiments, I/O interface 3030 functional in some or all (such as with the interface of system storage 3020) can be directly incorporated into processor 3010.

Network interface 3040 can be configured to allow data exchange between calculation element 3000 and other device 3060 (such as such as Fig. 1 extremely other computer system illustrated in fig. 23 or device) being attached to one or more network 3050.In various embodiments, network interface 3040 can be supported via the communication that any suitable wired or wireless general data network (such as, for instance ethernet type) carries out.It addition, network interface 3040 can be supported via the communication that telecommunication/telephone network (such as simulation language network or digital fiber communication network), network and/or agreement via storage area network (such as optical-fibre channel SAN) or via other suitable type any carry out.

In some embodiments, system storage 3020 can be an embodiment of computer accessible, and it is configured to store the programmed instruction as described above for Fig. 1 to Figure 23 embodiment for realizing corresponding method and equipment described and data.But, in other embodiments, can receive in different types of computer accessible, send or store programmed instruction and/or data.In general, computer accessible can include non-transitory storage medium or storage medium, such as magnetically or optically medium, for instance coupled to dish or the DVD/CD of calculation element 3000 via I/O interface 3030.Non-transitory computer accessible storage medium may also include any volatibility or non-volatile media, such as RAM is (such as, SDRAM, DDRSDRAM, RDRAM, SRAM etc.), ROM etc., it can include in some embodiments of calculation element 3000 as system storage 3020 or another type of memorizer.It addition, computer accessible can include via the transmission medium that transmits of communication media (such as network and/or wireless link) that such as can realize via network interface 3040 or signal, the such as signal of telecommunication, electromagnetic signal or digital signal.Part or all of multiple calculation elements (in such as Figure 24 illustrate calculation element) may be used to realize in various embodiments described functional；For example, the component software run on multiple different device and server can be cooperated to provide this functional.In some embodiments, in addition to or in lieu using general-purpose computing system to realize, storage device, network equipment or dedicated computer system can be used to realize a described functional part." calculation element " refers to the device of at least all these types as used herein, the term, and is not limited to the device of these types.

Conclusion

Various embodiments can further include at and receive, send or store the instruction and/or data realized as described above in computer accessible.In general, computer accessible can include storage medium or storage medium (such as magnetically or optically medium, such as dish or DVD/CD-ROM), (such as RAM is (such as volatibility or non-volatile media, SDRAM, DDRRDRAM, SRAM etc.), ROM etc.), and the transmission medium transmitted via communication media (such as network and/or wireless link) or signal (such as the signal of telecommunication, electromagnetic signal or digital signal).

The example implementations with various method representation methods described herein of graphic middle explanation.Method can use software, hardware or its combination to realize.The order of method can change, and various element can add, resequences, combines, omits, amendment etc..

Various amendment and change can be carried out, as will be obvious for those skilled in the art in benefit of this disclosure.It is intended to comprise all such modifications and change, and correspondingly, above description should be treated according to illustrative and not restrictive meaning.

Claims

1. a method, comprising:

Performed by multiple calculation elements:

2. the method for claim 1, wherein said specific relatively low-resource use restriction include following in the instruction of one: the average discharge transfer rate that (a) will not be exceeded, b outburst flow transfer rate that () will not be exceeded, the upper limit of the byte number of c data that () transmits, or the upper limit of the number of internet message that (d) transmits.

3. the method for claim 1, the request of wherein said client indicates described specific relatively low-resource to use the particular network traffic kind that restriction will be applied to, wherein said particular types be chosen from including following in one or more with described service associated plurality of network traffics kind: the flow that (a) flows on one or more public the Internet links, b flow that () is flowed in supplier's network data center, c flow that () is flowed between two supplier's network data center, d flow that () is flowed between the node and the node of the different services realized at supplier's network place of described service.

4. the method for claim 1, the described one or more network traffics flow directions using restriction to be applied to compared with low-resource of wherein said client request instruction, the one including in following: (a) flows to the flow of one or more destinatioies end points from described particular service instance；B () flows to the flow of described particular service instance from one or more sources.

5. the method for claim 1, the request instruction of wherein said client represents the particular user account in multiple user accounts that client is set up in the addressable service center of many tenant network, wherein said relatively low-resource uses restriction will be applied to described particular user account, and wherein different resources uses restriction to be applied to the different user account of the plurality of user account.

6. the method for claim 1, wherein said one or more response action include following in one: (a) gives up one or more bag, b () makes one or more bag queue up, or (c) makes the described resource that the network traffics at described particular service instance place are applied is used restriction increase at special time period.

7. the method for claim 1, it also includes being performed by the one or more calculation element:

8. the method for claim 1, the request of wherein said client includes to apply the instruction that described specific relatively low-resource uses the time period of restriction.

9. the method for claim 1, the request of wherein said client include following in the instruction of one: (a) described threshold level, or the specific response action of (b) the one or more response action.

10. the method for claim 1, wherein uses the example host of supplier's network to realize the service of described network-accessible, and described method also includes being performed by the one or more calculation element:

11. a system, it includes one or more processor, and the one or more processor coupled to memorizer, and described memorizer includes the programmed instruction making described system perform following operation when performing on the one or more processors:

12. system as claimed in claim 11, when wherein said instruction performs on the one or more processors, also make described system:

13. system as claimed in claim 11, the service of wherein said network-accessible include following in one: the service of (a) virtual computing, (b) stores service or (c) database service.

14. system as claimed in claim 11, when wherein said instruction performs on the one or more processors, also make described system:

15. system as claimed in claim 11, wherein said specific relatively low-resource use restriction include following in the instruction of one: the average discharge transfer rate that (a) will not be exceeded, b outburst flow transfer rate that () will not be exceeded, the upper limit of the byte number of c data that () transmits, or the upper limit of the number of internet message that (d) transmits.